{"id":8687,"date":"2021-04-22T06:41:20","date_gmt":"2021-04-22T13:41:20","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?post_type=patch_watch&p=8687"},"modified":"2023-03-07T15:20:25","modified_gmt":"2023-03-07T22:20:25","slug":"april-microsoft-patches-108-security-vulnerabilities","status":"publish","type":"patch_watch","link":"https:\/\/webdev.securin.xyz\/patch_watch\/april-microsoft-patches-108-security-vulnerabilities\/","title":{"rendered":"April: Microsoft Patches 108 Security Vulnerabilities"},"content":{"rendered":"
<p>Microsoft patched 108 unique security vulnerabilities in April 2021. We analyzed these weaknesses and spotlighted important vulnerabilities that ought to be patched as a priority.<\/p>\n
<p>In April, Microsoft patched 108 vulnerabilities discovered in 2021:<\/p>\n
<p><strong>RCE\/PE:<\/strong> Remote Code Execution and Privilege Escalation are two of the most dangerous weaknesses and among those most exploited by malicious actors. Microsoft has fixed:<\/p>\n
<ul>\n
<li><p>56 CVEs that have been classified as RCE bugs<\/p>\n<\/li>\n
<li><p>19 CVEs that have Privilege Escalation capabilities<\/p>\n<\/li>\n
<li><p>9 CVEs that are linked to Denial of Service<\/p>\n<\/li>\n
<\/ul>\n
<p>Notably, four CVEs (CVE-2021-28458, CVE-2021-27091, CVE-2021-2843, CVE-2021-28312) have publicly known exploits; therefore, patching them is essential.<\/p>\n
<p>The US National Security Agency has discovered four new Exchange server vulnerabilities (CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, and CVE-2021-28483), which have been rated critical. Of these, two vulnerabilities are pre-authentication weaknesses, which means unauthenticated attackers can exploit them without any user interaction.<\/p>\n
<p><strong>Zero-Day Vulnerabilities:<\/strong> Microsoft has released patches for five zero-day vulnerabilities, four publicly disclosed and one actively exploited (CVE-2021-2709, CVE-2021-28312, CVE-2021-28437, CVE-2021-28458, CVE-2021-28310).<\/p>\n
<p>The actively exploited CVE-2021-28310, a Privilege Escalation vulnerability in Win32k, is suspected to be associated with the Bitter APT Group.<\/p>\n
<p>Microsoft has released patches for 45 different products, with RCE accounting for 59% of the security vulnerabilities.<\/p>\n
<h2>Product Analysis<\/h2>\n
<h2>Severity Scores<\/h2>\n