Cybersecurity Vulnerabilities
April 14, 2021

Patch Newsday: April 13, 2021


It's our favorite time of the month: Patch Tuesday! Kev Breen, our Director of Cyber Threat Research, shares his thoughts and priorities from yesterday’s release.

With a total of 119 CVEs, 57 of which are Remote Code Execution, organizations will be doing more than their fair share of prioritization and patching.

CVE-2021-28480 through to CVE-2021-28483 are a collection of vulnerabilities for Exchange Server found by the NSA.

It’s interesting to see the agency come out strongly on Patch Tuesday and warn of the risks. This underlines the criticality of cybersecurity to entire nations, as well as the continued blurring of the lines between nation states, intelligence services and enterprise security. With a number of high-profile attacks affecting well-used enterprise software recently, the NSA are obviously keen to step up and play a proactive role.

There are 30 Remote Procedure Call Runtime RCEs in this release, covering everything from Win7 servers from 2008, all the way up to Win10 servers in 2019. Disclosed by a third party, the huge range of targets this covers could make it very appealing to attackers. However, with no associated POC code it will require work to weaponize.

CVE-2021-28310 is an actively exploited escalation of privilege vulnerability in Win32k, which would be a useful part of the attacker toolkit for moving laterally while removing any signs of existence. With the ability to create admin-level access, it would allow a threat actor to wipe log files and other forensic markers to increase dwell time and reduce chances of detection.

A set of 10 Remote Code Execution vulnerabilities affect Microsoft’s free source code editor, Visual Studio Code, and its plugins. With developer environments increasingly in vogue with attackers, given their potential to amplify attacks into multiple users, I would not be surprised to see APT groups focusing on weaponizing these.

Patching is not as simple as it seems: software updates occasionally have unforeseen consequences that require due diligence prior to deployment. This should not stop you applying them. To mitigate any such consequences, security teams should identify their risk exposure and test patches in a development area before pushing them live.

It is also important to invest some time and effort in enabling your SOC / NOC to quickly review patch notes so you can triage effectively based on your environment. Active exploits in the wild should be a higher priority, as should those that pose the highest risk and exposure.
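As an added illustration (not code from Immersive Labs or the author), the sketch below turns that triage advice into a repeatable ordering: drop what is not in your environment, then rank by active exploitation, exposure and impact. The advisory records summarise this post only, the inventory is a constructed example estate, and the ordering of the ranking factors is an assumption.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed weighting: RCE outranks escalation of privilege when all else is equal.
IMPACT_WEIGHT = {"RCE": 2, "EoP": 1}

@dataclass(frozen=True)
class Advisory:
    ident: str             # CVE id from the post, or a descriptive label where none is given
    product: str           # hypothetical inventory key
    impact: Optional[str]  # None where the post does not state the impact
    exploited: bool        # active exploitation reported in the post

# Constructed records summarising the advisories as this post describes them.
ADVISORIES = [
    Advisory("CVE-2021-28480..28483", "exchange-server", None, False),
    Advisory("RPC Runtime RCEs (30)", "windows", "RCE", False),
    Advisory("CVE-2021-28310", "windows", "EoP", True),
    Advisory("VS Code RCEs (10)", "vscode", "RCE", False),
]

# Constructed inventory for a hypothetical estate; VS Code is not deployed here.
INVENTORY = {
    "exchange-server": {"hosts": 4, "internet_facing": True},
    "windows": {"hosts": 1200, "internet_facing": False},
}

def sort_key(adv, asset):
    # An unstated impact is scored as worst case so it is never deprioritised by omission.
    weight = IMPACT_WEIGHT.get(adv.impact, max(IMPACT_WEIGHT.values()))
    return (adv.exploited, asset["internet_facing"], weight, asset["hosts"])

def triage(advisories, inventory):
    """Return (patch queue in priority order, advisories not applicable to this estate)."""
    applicable, skipped = [], []
    for adv in advisories:
        asset = inventory.get(adv.product)
        if asset is None or asset["hosts"] == 0:
            skipped.append(adv.ident)
        else:
            applicable.append((sort_key(adv, asset), adv.ident))
    applicable.sort(key=lambda item: item[0], reverse=True)
    return [ident for _, ident in applicable], skipped

if __name__ == "__main__":
    queue, skipped = triage(ADVISORIES, INVENTORY)
    for rank, ident in enumerate(queue, 1):
        print(rank, ident)
    print("not applicable:", skipped)
```

Feeding the same function from your own asset database and the vendor's release notes keeps the ordering consistent from month to month and makes it reviewable.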

As always, thanks for tuning in – we'll see you next Patch Tuesday for more!

Kev Breen (@kevthehermit), Director of Cyber Threat Research at Immersive Labs and author of this month's Patch Tuesday review
