Description:

Microsoft has released security updates to address several vulnerabilities in the following products:

• Azure AD Web Sign-in
• Azure DevOps
• Azure Sphere
• Microsoft Edge (Chromium-based)
• Microsoft Exchange Server
• Microsoft Graphics Component
• Microsoft Internet Messaging API
• Microsoft NTFS
• Microsoft Office Excel
• Microsoft Office Outlook
• Microsoft Office SharePoint
• Microsoft Office Word
• Microsoft Windows Codecs Library
• Microsoft Windows Speech
• Open Source Software
• Role: DNS Server
• Role: Hyper-V
• Visual Studio
• Visual Studio Code
• Visual Studio Code - GitHub Pull Requests and Issues Extension
• Visual Studio Code - Kubernetes Tools
• Visual Studio Code - Maven for Java Extension
• Windows Application Compatibility Cache
• Windows AppX Deployment Extensions
• Windows Console Driver
• Windows Diagnostic Hub
• Windows Early Launch Antimalware Driver
• Windows ELAM
• Windows Event Tracing
• Windows Installer
• Windows Kernel
• Windows Media Player
• Windows Network File System
• Windows Overlay Filter
• Windows Portmapping
• Windows Registry
• Windows Remote Procedure Call Runtime
• Windows Resource Manager
• Windows Secure Kernel Mode
• Windows Services and Controller App
• Windows SMB Server
• Windows TCP/IP
• Windows Win32K
• Windows WLAN Auto Config Service

Threats:

Attacker could exploit these vulnerabilities by doing the following:

• Execute arbitrary code –remotely
• Denial of service attack (DoS)
• Escalation of privilege
• Unauthorized disclosure of information

Best practice and Recommendations:

The CERT team encourages users to review Microsoft security advisory and apply the necessary updates:

• https://msrc.microsoft.com/update-guide/releaseNote/2021-Apr