April 13 is Patch Tuesday for Microsoft, and the company has released patches for four different remote code execution vulnerabilities with critical scores:
CVE-2021-28480 (9.8 CVSSv3) – RPC Endpoint Mapper Service Elevation of Privilege Vulnerability
CVE-2021-28481 (9.8 CVSSv3) – Windows NTFS Denial of Service Vulnerability
CVE-2021-28482 (8.8 CVSSv3) – Windows Installer Information Disclosure Vulnerability – PolarBear
CVE-2021-28483 (9.0 CVSSv3) – Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability
None of these vulnerabilities have been actively exploited in the wild, but the National Security Agency warned that they will be exploited by threat actors in no time if they are not patched. “NSA urges applying critical Microsoft patches released today, as exploitation of these vulnerabilities could allow persistent access and control of enterprise networks,” NSA Cyber explained in a tweet.
The Exchange servers at risk:
Microsoft Exchange Server 2013
Microsoft Exchange Server 2016 – CU19 and CU20
Microsoft Exchange Server 2019 – CU8 and CU9
The NSA is credited with discovering all four of these vulnerabilities. Two of them are pre-authentication and will require immediate attention. The NSA’s Director of Cybersecurity warned, “Network defenders now have the knowledge needed to act, but so do adversaries and malicious cyber actors. Don’t give them the opportunity to exploit this vulnerability on your system.”
SpearTip’s engineers are actively monitoring this situation as many organizations may be vulnerable. If you think your organization needs assistance in mitigating these threats through patch management and/or continuous monitoring, call our security operations center at 833.997.7327.
If you still haven’t patched the four previous vulnerabilities from last Patch Tuesday, the patches for these new vulnerabilities are cumulative, meaning they’ll cover all eight.