وصله امنیتی سه شنبه های آپریل 2021 مایکروسافت، با 5 آسیب پذیری Zero-Day و تعدادی آسیب پذیری Microsoft Exchange منتشر شد.
در این به روز رسانی 108 آسیب پذیری رفع شده که 19 مورد از آنها حیاتی و 89 مورد مهم هستند. این شرکت 4 آسیب پذیری Exchange که توسط NSA کشف شده بود را نیز رفع نموده است.
5 آسیب پذیری Zero-Day
4 آسیب پذیری زیر به صورت عمومی منتشر شده ولی مورد سواستفاده قرار نگرفته اند :
• CVE-2021-27091 – RPC Endpoint Mapper Service Elevation of Privilege Vulnerability
• CVE-2021-28312 – Windows NTFS Denial of Service Vulnerability
• CVE-2021-28437 – Windows Installer Information Disclosure Vulnerability – PolarBear
• CVE-2021-28458 – Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability
آسیب پذیری زیر که توسط محققین کسپرسکی کشف شده و از آن بهره برداری های زیادی شده است :
- CVE-2021-28310 – Win32k Elevation of Privilege Vulnerability
کسپرسکی معتقد است آسیب پذیری فوق توسط گروه BITTER APT مورد بهره برداری و سواستفاده قرار گرفته است.
آسیب پذیری های Microsoft Exchange کشف شده توسط NSA
دو مورد از این آسیب پذیری ها pre-authentication هستند، یعنی مهاجم نیازی ندارد که در ابتدا به سرور لاگین شود.
تاکنون هیچ یک از این آسیب پذیری ها با شماره شناسایی های زیر مورد بهره برداری فعال قرار نگرفته اند :
• CVE-2021-28480 – Microsoft Exchange Server Remote Code Execution Vulnerability
• CVE-2021-28481 – Microsoft Exchange Server Remote Code Execution Vulnerability
• CVE-2021-28482 – Microsoft Exchange Server Remote Code Execution Vulnerability
• CVE-2021-28483 – Microsoft Exchange Server Remote Code Execution Vulnerability
لیست کامل به روزرسانی های این ماه مایکروسافت در جدول زیر قابل مشاهده است :
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| Azure AD Web Sign-in | CVE-2021-27092 | Azure AD Web Sign-in Security Feature Bypass Vulnerability | Important |
| Azure DevOps | CVE-2021-28459 | Azure DevOps Server Spoofing Vulnerability | Important |
| Azure DevOps | CVE-2021-27067 | Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability | Important |
| Azure Sphere | CVE-2021-28460 | Azure Sphere Unsigned Code Execution Vulnerability | Critical |
| Microsoft Edge (Chromium-based) | CVE-2021-21199 | Chromium: CVE-2021-21199 Use Use after free in Aura | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2021-21194 | Chromium: CVE-2021-21194 Use after free in screen capture | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2021-21197 | Chromium: CVE-2021-21197 Heap buffer overflow in TabStrip | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2021-21198 | Chromium: CVE-2021-21198 Out of bounds read in IPC | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2021-21195 | Chromium: CVE-2021-21195 Use after free in V8 | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2021-21196 | Chromium: CVE-2021-21196 Heap buffer overflow in TabStrip | Unknown |
| Microsoft Exchange Server | CVE-2021-28480 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical |
| Microsoft Exchange Server | CVE-2021-28482 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical |
| Microsoft Exchange Server | CVE-2021-28483 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical |
| Microsoft Exchange Server | CVE-2021-28481 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical |
| Microsoft Graphics Component | CVE-2021-28350 | Windows GDI+ Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2021-28318 | Windows GDI+ Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2021-28348 | Windows GDI+ Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2021-28349 | Windows GDI+ Remote Code Execution Vulnerability | Important |
| Microsoft Internet Messaging API | CVE-2021-27089 | Microsoft Internet Messaging API Remote Code Execution Vulnerability | Important |
| Microsoft NTFS | CVE-2021-28312 | Windows NTFS Denial of Service Vulnerability | Moderate |
| Microsoft NTFS | CVE-2021-27096 | NTFS Elevation of Privilege Vulnerability | Important |
| Microsoft Office Excel | CVE-2021-28456 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Microsoft Office Excel | CVE-2021-28451 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2021-28454 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2021-28449 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office Outlook | CVE-2021-28452 | Microsoft Outlook Memory Corruption Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-28450 | Microsoft SharePoint Denial of Service Update | Important |
| Microsoft Office Word | CVE-2021-28453 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2021-28464 | VP9 Video Extensions Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2021-28466 | Raw Image Extension Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2021-27079 | Windows Media Photo Codec Information Disclosure Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2021-28468 | Raw Image Extension Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2021-28317 | Microsoft Windows Codecs Library Information Disclosure Vulnerability | Important |
| Microsoft Windows DNS | CVE-2021-28323 | Windows DNS Information Disclosure Vulnerability | Important |
| Microsoft Windows DNS | CVE-2021-28328 | Windows DNS Information Disclosure Vulnerability | Important |
| Microsoft Windows Speech | CVE-2021-28351 | Windows Speech Runtime Elevation of Privilege Vulnerability | Important |
| Microsoft Windows Speech | CVE-2021-28436 | Windows Speech Runtime Elevation of Privilege Vulnerability | Important |
| Microsoft Windows Speech | CVE-2021-28347 | Windows Speech Runtime Elevation of Privilege Vulnerability | Important |
| Open Source Software | CVE-2021-28458 | Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability | Important |
| Role: Hyper-V | CVE-2021-28441 | Windows Hyper-V Information Disclosure Vulnerability | Important |
| Role: Hyper-V | CVE-2021-28314 | Windows Hyper-V Elevation of Privilege Vulnerability | Important |
| Role: Hyper-V | CVE-2021-28444 | Windows Hyper-V Security Feature Bypass Vulnerability | Important |
| Role: Hyper-V | CVE-2021-26416 | Windows Hyper-V Denial of Service Vulnerability | Important |
| Visual Studio | CVE-2021-27064 | Visual Studio Installer Elevation of Privilege Vulnerability | Important |
| Visual Studio Code | CVE-2021-28457 | Visual Studio Code Remote Code Execution Vulnerability | Important |
| Visual Studio Code | CVE-2021-28471 | Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability | Important |
| Visual Studio Code | CVE-2021-28475 | Visual Studio Code Remote Code Execution Vulnerability | Important |
| Visual Studio Code | CVE-2021-28473 | Visual Studio Code Remote Code Execution Vulnerability | Important |
| Visual Studio Code | CVE-2021-28477 | Visual Studio Code Remote Code Execution Vulnerability | Important |
| Visual Studio Code | CVE-2021-28469 | Visual Studio Code Remote Code Execution Vulnerability | Important |
| Visual Studio Code – GitHub Pull Requests and Issues Extension | CVE-2021-28470 | Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability | Important |
| Visual Studio Code – Kubernetes Tools | CVE-2021-28448 | Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerability | Important |
| Visual Studio Code – Maven for Java Extension | CVE-2021-28472 | Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability | Important |
| Windows Application Compatibility Cache | CVE-2021-28311 | Windows Application Compatibility Cache Denial of Service Vulnerability | Important |
| Windows AppX Deployment Extensions | CVE-2021-28326 | Windows AppX Deployment Server Denial of Service Vulnerability | Important |
| Windows Console Driver | CVE-2021-28438 | Windows Console Driver Denial of Service Vulnerability | Important |
| Windows Console Driver | CVE-2021-28443 | Windows Console Driver Denial of Service Vulnerability | Important |
| Windows Diagnostic Hub | CVE-2021-28313 | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability | Important |
| Windows Diagnostic Hub | CVE-2021-28321 | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability | Important |
| Windows Diagnostic Hub | CVE-2021-28322 | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability | Important |
| Windows Early Launch Antimalware Driver | CVE-2021-28447 | Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability | Important |
| Windows ELAM | CVE-2021-27094 | Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability | Important |
| Windows Event Tracing | CVE-2021-27088 | Windows Event Tracing Elevation of Privilege Vulnerability | Important |
| Windows Event Tracing | CVE-2021-28435 | Windows Event Tracing Information Disclosure Vulnerability | Important |
| Windows Installer | CVE-2021-26413 | Windows Installer Spoofing Vulnerability | Important |
| Windows Installer | CVE-2021-28440 | Windows Installer Elevation of Privilege Vulnerability | Important |
| Windows Installer | CVE-2021-28437 | Windows Installer Information Disclosure Vulnerability | Important |
| Windows Installer | CVE-2021-26415 | Windows Installer Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2021-27093 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2021-28309 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Media Player | CVE-2021-28315 | Windows Media Video Decoder Remote Code Execution Vulnerability | Critical |
| Windows Media Player | CVE-2021-27095 | Windows Media Video Decoder Remote Code Execution Vulnerability | Critical |
| Windows Network File System | CVE-2021-28445 | Windows Network File System Remote Code Execution Vulnerability | Important |
| Windows Overlay Filter | CVE-2021-26417 | Windows Overlay Filter Information Disclosure Vulnerability | Important |
| Windows Portmapping | CVE-2021-28446 | Windows Portmapping Information Disclosure Vulnerability | Important |
| Windows Registry | CVE-2021-27091 | RPC Endpoint Mapper Service Elevation of Privilege Vulnerability | Important |
| Windows Remote Procedure Call Runtime | CVE-2021-28336 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
| Windows Remote Procedure Call Runtime | CVE-2021-28335 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
| Windows Remote Procedure Call Runtime | CVE-2021-28334 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
| Windows Remote Procedure Call Runtime | CVE-2021-28338 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
| Windows Remote Procedure Call Runtime | CVE-2021-28434 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
| Windows Remote Procedure Call Runtime | CVE-2021-28337 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
| Windows Remote Procedure Call Runtime | CVE-2021-28333 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
| Windows Remote Procedure Call Runtime | CVE-2021-28327 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
| Windows Remote Procedure Call Runtime | CVE-2021-28329 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
| Windows Remote Procedure Call Runtime | CVE-2021-28330 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
| Windows Remote Procedure Call Runtime | CVE-2021-28332 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
| Windows Remote Procedure Call Runtime | CVE-2021-28331 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
| Windows Remote Procedure Call Runtime | CVE-2021-28354 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
| Windows Remote Procedure Call Runtime | CVE-2021-28339 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
| Windows Remote Procedure Call Runtime | CVE-2021-28355 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
| Windows Remote Procedure Call Runtime | CVE-2021-28353 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
| Windows Remote Procedure Call Runtime | CVE-2021-28352 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
| Windows Remote Procedure Call Runtime | CVE-2021-28357 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
| Windows Remote Procedure Call Runtime | CVE-2021-28358 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
| Windows Remote Procedure Call Runtime | CVE-2021-28356 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
| Windows Remote Procedure Call Runtime | CVE-2021-28346 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
| Windows Remote Procedure Call Runtime | CVE-2021-28342 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
| Windows Remote Procedure Call Runtime | CVE-2021-28340 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
| Windows Remote Procedure Call Runtime | CVE-2021-28341 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
| Windows Remote Procedure Call Runtime | CVE-2021-28345 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
| Windows Remote Procedure Call Runtime | CVE-2021-28344 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
| Windows Remote Procedure Call Runtime | CVE-2021-28343 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
| Windows Resource Manager | CVE-2021-28320 | Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability | Important |
| Windows Secure Kernel Mode | CVE-2021-27090 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | Important |
| Windows Services and Controller App | CVE-2021-27086 | Windows Services and Controller App Elevation of Privilege Vulnerability | Important |
| Windows SMB Server | CVE-2021-28325 | Windows SMB Information Disclosure Vulnerability | Important |
| Windows SMB Server | CVE-2021-28324 | Windows SMB Information Disclosure Vulnerability | Important |
| Windows TCP/IP | CVE-2021-28439 | Windows TCP/IP Driver Denial of Service Vulnerability | Important |
| Windows TCP/IP | CVE-2021-28442 | Windows TCP/IP Information Disclosure Vulnerability | Important |
| Windows TCP/IP | CVE-2021-28319 | Windows TCP/IP Driver Denial of Service Vulnerability | Important |
| Windows Win32K | CVE-2021-27072 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Win32K | CVE-2021-28310 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows WLAN Auto Config Service | CVE-2021-28316 | Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability | Important |
منبع :
