Microsoft April 2021 Security Updates

1.0 Introduction

Microsoft has released updates to address multiple vulnerabilities in Microsoft software.

2.0 Impact
A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

3.0 Affected Products

• Azure AD Web Sign-in
• Azure DevOps
• Azure Sphere
• Microsoft Edge (Chromium-based)
• Microsoft Exchange Server
• Microsoft Graphics Component
• Microsoft Internet Messaging API
• Microsoft NTFS
• Microsoft Office Excel
• Microsoft Office Outlook
• Microsoft Office SharePoint
• Microsoft Office Word
• Microsoft Windows Codecs Library
• Microsoft Windows Speech
• Open Source Software
• Role: DNS Server
• Role: Hyper-V
• Visual Studio
• Visual Studio Code
• Visual Studio Code – GitHub Pull Requests and Issues Extension
• Visual Studio Code – Kubernetes Tools
• Visual Studio Code – Maven for Java Extension
• Windows Application Compatibility Cache
• Windows AppX Deployment Extensions
• Windows Console Driver
• Windows Diagnostic Hub
• Windows Early Launch Antimalware Driver
• Windows ELAM
• Windows Event Tracing
• Windows Installer
• Windows Kernel
• Windows Media Player
• Windows Network File System
• Windows Overlay Filter
• Windows Portmapping
• Windows Registry
• Windows Remote Procedure Call Runtime
• Windows Resource Manager
• Windows Secure Kernel Mode
• Windows Services and Controller App
• Windows SMB Server
• Windows TCP/IP
• Windows Win32K
• Windows WLAN Auto Config Service

4.0 Recommendations

Users and administrators are recommended to review the below URLs and perform the necessary update.

• https://msrc.microsoft.com/update-guide/releaseNote/2021-Apr
• https://us-cert.cisa.gov/ncas/current-activity/2021/04/13/apply-microsoft-april-2021-security-update-mitigate-newly

Generally, MyCERT advises the users of this software to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

For further inquiries, please contact MyCERT through the following channels:

E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Fax: +603 – 8008 7000 (Office Hours)
Mobile: +60 19 2665850 (24×7 call incident reporting)
SMS: CYBER999 REPORT EMAIL COMPLAINT to 15888
Business Hours: Mon – Fri 09:00 -18:00 MYT
Web: https://www.mycert.org.my
Twitter: https://twitter.com/mycert
Facebook: https://www.facebook.com/mycert.org.my

5.0    References

• https://msrc.microsoft.com/update-guide/releaseNote/2021-Apr
• https://us-cert.cisa.gov/ncas/current-activity/2021/04/13/apply-microsoft-april-2021-security-update-mitigate-newly