Microsoft Updates
2346Warning Date
Severity Level
Warning Number
Target Sector
14 April, 2021
● High
2021-2761
All
Description:
Microsoft has released security updates to address several vulnerabilities in the following products:
- Azure AD Web Sign-in
- Azure DevOps
- Azure Sphere
- Microsoft Edge (Chromium-based)
- Microsoft Exchange Server
- Microsoft Graphics Component
- Microsoft Internet Messaging API
- Microsoft NTFS
- Microsoft Office Excel
- Microsoft Office Outlook
- Microsoft Office SharePoint
- Microsoft Office Word
- Microsoft Windows Codecs Library
- Microsoft Windows Speech
- Open Source Software
- Role: DNS Server
- Role: Hyper-V
- Visual Studio
- Visual Studio Code
- Visual Studio Code - GitHub Pull Requests and Issues Extension
- Visual Studio Code - Kubernetes Tools
- Visual Studio Code - Maven for Java Extension
- Windows Application Compatibility Cache
- Windows AppX Deployment Extensions
- Windows Console Driver
- Windows Diagnostic Hub
- Windows Early Launch Antimalware Driver
- Windows ELAM
- Windows Event Tracing
- Windows Installer
- Windows Kernel
- Windows Media Player
- Windows Network File System
- Windows Overlay Filter
- Windows Portmapping
- Windows Registry
- Windows Remote Procedure Call Runtime
- Windows Resource Manager
- Windows Secure Kernel Mode
- Windows Services and Controller App
- Windows SMB Server
- Windows TCP/IP
- Windows Win32K
- Windows WLAN Auto Config Service
Threats:
Attacker could exploit these vulnerabilities by doing the following:
- Execute arbitrary code –remotely
- Denial of service attack (DoS)
- Escalation of privilege
- Unauthorized disclosure of information
Best practice and Recommendations:
The CERT team encourages users to review Microsoft security advisory and apply the necessary updates: