Microsoft Has Busy April Patch Tuesday with Zero-Days, Exchange Fixes

Microsoft had its hands full Tuesday snuffing out five zero-day vulnerabilities, fixing a flaw under active attack and applying more patches to its problem-plagued Microsoft Exchange Server software.
Of note, the U.S. National Security Agency released information on four critical Exchange Server vulnerabilities impacting versions released between 2013 and 2019.
"These vulnerabilities have been rated 'exploitation more likely' using Microsoft's Exploitability Index. Two of the four vulnerabilities are pre-authentication, meaning an attacker does not need to authenticate to the vulnerable Exchange server to exploit the flaw. With the intense interest in Exchange Server since last month, it is crucial that organizations apply these Exchange Server patches immediately," wrote Satnam Narang, staff research engineer with Tenable, in commentary shared with Threatpost.
Troublesome, given the ubiquitous nature of Microsoft Office, are four remote code execution vulnerabilities patched this month within the productivity suite.
Microsoft marks the vulnerability type as "Exploitation less likely"; however, it's highly recommended to quickly patch and remediate any RCE vulnerabilities on systems, Goodman said: "Leaving latent vulnerabilities with RCE exploits can easily lead to a faster-spreading attack."
Microsoft's April Patch Tuesday update was complemented by Adobe's monthly slew of patches, which addressed 10 security bugs, seven of them critical.
News URL
https://threatpost.com/microsoft-april-patch-tuesday-zero-days/165393/