VERT Threat Alert: April 2021 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s April 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-939 on Wednesday, April 14th.

In-The-Wild & Disclosed CVEs


Borin Larin of Kaspersky Lab discovered this vulnerability being actively used for exploitation and suspects that it is tied to the BITTER APT group. Larin and co-authors have released a detailed technical write-up on this vulnerability that impacts the Desktop Window Manager.

Microsoft has rated this as Exploit Detected on the latest software release on the Exploitability Index.


This publicly disclosed denial of service impacts the Windows NTFS file system. Windows 10 as well as Windows Server 2019 and Server version 20H2 are impacted.

Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.


A publicly disclosed information disclosure in the Windows Installer could allow attackers to read from the file system. Based on the Microsoft security guidance, all versions of Windows from Windows 7 to Windows 10 and their associated server platforms are vulnerable.

Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.


The final publicly exploited vuln this month is found in @azure/ms-rest-nodeauth, a node-js library for Azure authentication. The fix for this vulnerability was committed on March 23, 2021 and can reviewed on github.

Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.


This publicly disclosed privilege elevation vulnerability in the RPC Endpoint Mapper Service only affects older operating systems with patches available for Windows 7, Windows Server 2008 R2, and Windows Server 2012. 

Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.

Tag CVE Count CVEs
Visual Studio Code – Kubernetes Tools 1 CVE-2021-28448
Microsoft NTFS 2 CVE-2021-27096, CVE-2021-28312
Open Source Software 1 CVE-2021-28458
Microsoft Office Word 1 CVE-2021-28453
Microsoft Windows Speech 3 CVE-2021-28347, CVE-2021-28351, CVE-2021-28436
Windows Resource Manager 1 CVE-2021-28320
Windows Installer 4 CVE-2021-26413, CVE-2021-26415, CVE-2021-28437, CVE-2021-28440
Visual Studio 1 CVE-2021-27064
Visual Studio Code – GitHub Pull Requests and Issues Extension 1 CVE-2021-28470
Windows Network File System 1 CVE-2021-28445
Microsoft Office SharePoint 1 CVE-2021-28450
Microsoft Windows Codecs Library 5 CVE-2021-27079, CVE-2021-28317, CVE-2021-28464, CVE-2021-28466, CVE-2021-28468
Visual Studio Code 6 CVE-2021-28457, CVE-2021-28469, CVE-2021-28471, CVE-2021-28475, CVE-2021-28477, CVE-2021-28473
Windows Application Compatibility Cache 1 CVE-2021-28311
Visual Studio Code – Maven for Java Extension 1 CVE-2021-28472
Microsoft Office Excel 4 CVE-2021-28449, CVE-2021-28451, CVE-2021-28454, CVE-2021-28456
Microsoft Graphics Component 4 CVE-2021-28318, CVE-2021-28348, CVE-2021-28349, CVE-2021-28350
Azure AD Web Sign-in 1 CVE-2021-27092
Windows Event Tracing 2 CVE-2021-27088, CVE-2021-28435
Windows Kernel 2 CVE-2021-27093, CVE-2021-28309
Windows Services and Controller App 1 CVE-2021-27086
Role: Hyper-V 4 CVE-2021-26416, CVE-2021-28314, CVE-2021-28441, CVE-2021-28444
Microsoft Exchange Server 4 CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483
Windows ELAM 1 CVE-2021-27094
Windows Remote Procedure Call Runtime 27 CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434
Microsoft Internet Messaging API 1 CVE-2021-27089
Windows Registry 1 CVE-2021-27091
Azure Sphere 1 CVE-2021-28460
Windows AppX Deployment Extensions 1 CVE-2021-28326
Windows Diagnostic Hub 3 CVE-2021-28313, CVE-2021-28321, CVE-2021-28322
Windows Portmapping 1 CVE-2021-28446
Windows Overlay Filter 1 CVE-2021-26417
Windows Secure Kernel Mode 1 CVE-2021-27090
Windows Win32K 2 CVE-2021-27072, CVE-2021-28310
Microsoft Office Outlook 1 CVE-2021-28452
Windows TCP/IP 3 CVE-2021-28319, CVE-2021-28439, CVE-2021-28442
Windows Early Launch Antimalware Driver 1 CVE-2021-28447
Microsoft Windows DNS 2 CVE-2021-28323, CVE-2021-28328
Windows SMB Server 2 CVE-2021-28324, CVE-2021-28325
Windows Media Player 2 CVE-2021-27095, CVE-2021-28315
Microsoft Edge (Chromium-based) 6 CVE-2021-21194, CVE-2021-21195, CVE-2021-21196, CVE-2021-21197, CVE-2021-21198, CVE-2021-21199
Windows WLAN Auto Config Service 1 CVE-2021-28316
Azure DevOps 2 CVE-2021-27067, CVE-2021-28459
Windows Console Driver 2 CVE-2021-28438, CVE-2021-28443