{"id":8671,"date":"2021-05-14T06:23:11","date_gmt":"2021-05-14T13:23:11","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?post_type=patch_watch&#038;p=8671"},"modified":"2023-03-07T15:18:37","modified_gmt":"2023-03-07T22:18:37","slug":"april-2021-patch-watch-digest","status":"publish","type":"patch_watch","link":"https:\/\/webdev.securin.xyz\/patch_watch\/april-2021-patch-watch-digest\/","title":{"rendered":"April 2021: Patch Watch Digest"},"content":{"rendered":"<h2 dir=\"ltr\">Highlights of April Digest<\/h2>\n<ul>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">30 vendors released security patches for 1400 vulnerabilities, including 46 CVEs with known exploits.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">31 vulnerabilities that got patched in April were red-flagged by CISA.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">735 Old vulnerabilities have been patched.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">Microsoft fixed 108 bugs including 5 zero days.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">Oracle plugged 390 security vulnerabilities.<\/p>\n<\/li>\n<\/ul>\n<h2 dir=\"ltr\"><img decoding=\"async\" class=\"aligncenter\" style=\"width: 800px; height: 436px;\" src=\"\/wp-content\/uploads\/2015\/11\/highlights_-1.jpg\" alt=\"\" \/><\/h2>\n<h2 dir=\"ltr\">Weaponized Vulnerabilities<\/h2>\n<p dir=\"ltr\">We have 46 vulnerabilities that are known exploits. Here is our analysis \u2013<\/p>\n<ul>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">1 CVE is linked to CryptoMix ransomware.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">5 CVEs were alerted by CISA.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">5 CVEs have RCE capabilities.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">1 CVE with Privilege Escalation weakness.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">2 CVEs are associated with Denial of Service.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">1 CVE is rated critical and 22 are of high severity.<\/p>\n<\/li>\n<\/ul>\n<p dir=\"ltr\"><img decoding=\"async\" class=\"aligncenter\" style=\"width: 550px; height: 338px;\" src=\"\/wp-content\/uploads\/2015\/11\/weaponized-vulnerabilities-1-1.png\" alt=\"\" \/><\/p>\n<p dir=\"ltr\">\n<h2 dir=\"ltr\"><a id=\"Old CVEs\" name=\"Old CVEs\"><\/a>Old Vulnerabilities Patched in April 2021<\/h2>\n<p dir=\"ltr\">735 Old vulnerabilities have been issued security updates ranging from the year 2003 to 2020.<\/p>\n<ul>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">1 CVE is linked CrpytoMix ransomware.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">12 CVEs have been alerted by CISA.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">19 CVEs are critical and 213 are high severity.<\/p>\n<\/li>\n<\/ul>\n<p dir=\"ltr\">89% of the weaponized vulnerabilities are old weaknesses which shows that attackers systematically target them to exploit.<\/p>\n<p dir=\"ltr\"><img decoding=\"async\" class=\"aligncenter\" style=\"width: 550px; height: 448px;\" src=\"\/wp-content\/uploads\/2015\/11\/old-vulnerabilities.jpg\" alt=\"\" \/><\/p>\n<p dir=\"ltr\">\n<h2 dir=\"ltr\"><a id=\"Microsoft Patches\" name=\"Microsoft Patches\"><\/a>Microsoft March Patches 2021<\/h2>\n<p dir=\"ltr\">Microsoft issued patches for 108 security vulnerabilities, including\u00a0 five Zero days \u00a0(CVE-2021-2709,\u00a0CVE-2021-28312,\u00a0CVE-2021-28437,\u00a0CVE-2021-28458,\u00a0CVE-2021-28310)<\/p>\n<p dir=\"ltr\">\n<h2 dir=\"ltr\"><a id=\"Oracle CVEs\" name=\"Oracle CVEs\"><\/a>Oracle April Patches 2021<\/h2>\n<p dir=\"ltr\">Oracle rolls out 390 security patches in which 221vulnerabilities are remotely exploitable.<\/p>\n<p dir=\"ltr\"><img decoding=\"async\" class=\"aligncenter\" style=\"width: 550px; height: 406px;\" src=\"\/wp-content\/uploads\/2015\/11\/oracle-april-patches-2021.jpg\" alt=\"\" \/><\/p>\n<h2 dir=\"ltr\"><a id=\"CISA\" name=\"CISA\"><\/a>CISA Alerts<\/h2>\n<p dir=\"ltr\">31 vulnerabilities have been issued a warning alert by CISA<\/p>\n<ul>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">5 CVEs have been weaponized with known exploits.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">3 CVEs are rated critical, and 9 of high severity.<\/p>\n<\/li>\n<\/ul>\n<p dir=\"ltr\">\n<p dir=\"ltr\"><a href=\"#Airtable\"><img decoding=\"async\" class=\"aligncenter\" style=\"width: 550px; height: 448px;\" src=\"\/wp-content\/uploads\/2015\/11\/cisa-alerts.jpg\" alt=\"\" \/><\/a><\/p>\n<p dir=\"ltr\"><iframe class=\"airtable-embed\" style=\"background: transparent; border: 1px solid #ccc;\" src=\"https:\/\/airtable.com\/embed\/shrdJT2r7FvuIFb3A?backgroundColor=purple&amp;viewControls=on\" width=\"100%\" height=\"533\" frameborder=\"0\"><\/iframe><\/p>\n<h6 dir=\"ltr\"><strong>Table: April 2021 Security Patches<\/strong><\/h6>\n","protected":false},"excerpt":{"rendered":"<p>Highlights of April Digest 30 vendors released security patches for 1400 vulnerabilities, including 46 CVEs with known exploits. 31 vulnerabilities that got patched in April were red-flagged by CISA. 735 Old vulnerabilities have been patched. Microsoft fixed 108 bugs including 5 zero days. Oracle plugged 390 security vulnerabilities. Weaponized Vulnerabilities We have 46 vulnerabilities that [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":14443,"parent":0,"menu_order":0,"template":"","meta":{"content-type":""},"patch_category":[288],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/patch_watch\/8671"}],"collection":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/patch_watch"}],"about":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/types\/patch_watch"}],"author":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/users\/1"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/media\/14443"}],"wp:attachment":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/media?parent=8671"}],"wp:term":[{"taxonomy":"patch_category","embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/patch_category?post=8671"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}