Security News > 2021 > April > Microsoft Patch Tuesday, April 2021 Edition
Microsoft today released updates to plug at least 110 security holes in its Windows operating systems and other products.
The patches include four security fixes for Microsoft Exchange Server - the same systems that have been besieged by attacks on four separate bugs in the email software over the past month.
Interestingly, all four were reported by the U.S. National Security Agency, although Microsoft says it also found two of the bugs internally.
Allan Laska, senior security architect at Recorded Future, notes that there are several remote code execution vulnerabilities in Microsoft Office products released this month as well.
CVE-2021-28454 and CVE-2021-28451 involve Excel, while CVE-2021-28453 is in Microsoft Word and CVE-2021-28449 is in Microsoft Office.
Other Microsoft products that got security updates this month include Edge, Azure and Azure DevOps Server, SharePoint Server, Hyper-V, Team Foundation Server, and Visual Studio.
News URL
https://krebsonsecurity.com/2021/04/microsoft-patch-tuesday-april-2021-edition/
Related news
- Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws (source)
- Patch Tuesday: Microsoft Fixes 134 Vulnerabilities, Including 1 Zero-Day (source)
- Microsoft May 2025 Patch Tuesday fixes 5 exploited zero-days, 72 flaws (source)
- Patch Tuesday: Microsoft fixes 5 actively exploited zero-days (source)
- Microsoft's May Patch Tuesday update fails on some Windows 11 VMs (source)
- Week in review: Probing activity on Palo Alto Networks GlobalProtect portals, Patch Tuesday forecast (source)
- April's Patch Tuesday leaves unlucky Windows Hello users unable to login (source)
- Microsoft pitches pay-to-patch reboot reduction subscription for Windows Server 2025 (source)
- May 2025 Patch Tuesday forecast: Panic, change, and hope (source)
- Week in review: The impact of a CVE-free future on cyber defense, Patch Tuesday forecast (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-13 | CVE-2021-28449 | Unspecified vulnerability in Microsoft 365 Apps, Excel and Office Microsoft Office Remote Code Execution Vulnerability | 0.0 |
| 2021-04-13 | CVE-2021-28451 | Unspecified vulnerability in Microsoft products Microsoft Excel Remote Code Execution Vulnerability | 0.0 |
| 2021-04-13 | CVE-2021-28453 | Unspecified vulnerability in Microsoft products Microsoft Word Remote Code Execution Vulnerability | 0.0 |
| 2021-04-13 | CVE-2021-28454 | Use After Free vulnerability in Microsoft products Microsoft Excel Remote Code Execution Vulnerability | 0.0 |