Skip to content ↓ | Skip to navigation ↓

Tripwire’s April 2021 Patch Priority Index (PPI) brings together important vulnerabilities from Google Chrome and Microsoft.

First on the patch priority list this month are patches for insufficient input validation vulnerabilities in Google Chrome (Chromium). Exploits for these vulnerabilities have been recently added to the Metasploit Exploit Framework. These systems should be patched as soon as possible.

Next on the patch priority list this month are patches for Microsoft Excel, Office, Word, and Outlook. These patches resolve 6 issues including remote code execution, memory corruption, and information disclosure vulnerabilities.

Next are patches that affect components of the Windows operating systems. These patches resolve over 60 vulnerabilities, including elevation of privilege, information disclosure, remote code execution, security feature bypass, denial of service, and memory corruption vulnerabilities. These vulnerabilities affect core Windows, Kernel, Remote Procedure Call, Speech Runtime, TCP/IP Driver, Early Launch Antimalware Driver, WLAN AutoConfig, Console Driver, Media, Diagnostics Hub, Overlay Filter, GDI+, Windows Installer, NTFS, and others.

Up next are patches for Hyper-V that resolve denial of service, elevation of privilege, information disclosure, and security feature bypass vulnerabilities.

Lastly, administrators should focus on server-side patches for Microsoft, which resolve issues in Microsoft SharePoint, Exchange, SMB, and DNS. These patches resolve several issues including remote code execution, information disclosure, and denial of service.

BULLETINCVE
Exploit Framework – MetasploitCVE-2021-21220, CVE-2020-16040
Microsoft OfficeCVE-2021-28453, CVE-2021-28452, CVE-2021-28456, CVE-2021-28451, CVE-2021-28454, CVE-2021-28449
Windows ICVE-2021-27072, CVE-2021-28310, CVE-2021-27096, CVE-2021-28312, CVE-2021-28320, CVE-2021-28440, CVE-2021-26415, CVE-2021-28437, CVE-2021-26413, CVE-2021-27086, CVE-2021-28445, CVE-2021-28317, CVE-2021-27079, CVE-2021-28311, CVE-2021-28318, CVE-2021-28350, CVE-2021-28348, CVE-2021-28349, CVE-2021-27088, CVE-2021-28435, CVE-2021-28309, CVE-2021-27093, CVE-2021-27094, CVE-2021-28357, CVE-2021-28356, CVE-2021-28355, CVE-2021-28354, CVE-2021-28329, CVE-2021-28353, CVE-2021-28352, CVE-2021-28358, CVE-2021-28327, CVE-2021-28331, CVE-2021-28330, CVE-2021-28333, CVE-2021-28332, CVE-2021-28335, CVE-2021-28338, CVE-2021-28334, CVE-2021-28337, CVE-2021-28336, CVE-2021-28339, CVE-2021-28434, CVE-2021-28340
Windows IICVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28315, CVE-2021-27095, CVE-2021-28316, CVE-2021-28443, CVE-2021-28438, CVE-2021-27089, CVE-2021-27091, CVE-2021-28326, CVE-2021-28322, CVE-2021-28321, CVE-2021-28313, CVE-2021-28446, CVE-2021-26417, CVE-2021-27090, CVE-2021-28351, CVE-2021-28436, CVE-2021-28347, CVE-2021-28439, CVE-2021-28319, CVE-2021-28442, CVE-2021-28447
Microsoft Hyper-VCVE-2021-26416, CVE-2021-28314, CVE-2021-28441, CVE-2021-28444
Microsoft Exchange ServerCVE-2021-28483, CVE-2021-28482, CVE-2021-28481, CVE-2021-28480
Microsoft Windows DNSCVE-2021-28323, CVE-2021-28328
Windows SMB ServerCVE-2021-28324, CVE-2021-28325
Microsoft Office SharePointCVE-2021-28450