French Patch Tuesday April 2021

Copyright © 2021 Ivanti. All rights reserved.
Patch Tuesday Webinar
Jeudi, 15 avril 2021
Eric Vincent & Camille Proux

Agenda
April 2021 Patch Tuesday Overview
In the News
Bulletins and Releases
Between Patch Tuesdays
Q & A
1
2
3
4
5

Overview

April Patch Tuesday 2021
Microsoft has released updates for the Windows OS, Office and O365, Exchange
Server, Edge (Chromium), Visual Studio, Azure DevOps, Azure AD Web Sign-in,
Azure Sphere, and many other components. A total of 110 unique vulnerabilities
have been resolved this month including one Zero Day, and four publicly disclosed
vulnerabilities. There are a lot of vulnerabilities being resolved this month. The
good news is most of them are in the OS including the Zero Day and three of four
of the Publicly Disclosed vulnerabilities. Knocking the OS out quickly will reduce a
significant amount of risk for your organization. Top priorities this month should
include the Windows OS, Edge (Chromium), and Exchange Server.

In the News

In the News
Source: Microsoft
 Pwn2Own Results – What to expect in the next 90 days
 https://www.zerodayinitiative.com/blog/2021/4/2/pwn2own-
2021-schedule-and-live-results
 FBI blasts away web shells on US servers in wake of
Exchange vulnerabilities
 https://www.zdnet.com/article/fbi-blasts-away-web-shells-on-us-
servers-in-wake-of-exchange-vulnerabilities/?&web_view=true
 RemoteFX vGPU removed from all applicable Windows
platforms this month
 https://support.microsoft.com/en-us/topic/kb4570006-update-
to-disable-and-remove-the-remotefx-vgpu-component-in-
windows-bbdf1531-7188-2bf4-0de6-641de79f09d2

Publicly Disclosed Vulnerabilities
 CVE-2021-27091 RPC Endpoint Mapper Service Elevation of
Privilege Vulnerability
 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27091
 CVE-2021-28312 Windows NTFS Denial of Service Vulnerability
 CVE-2021-28437 Windows Installer Information Disclosure
Vulnerability
 CVE-2021-28458 Azure ms-rest-nodeauth Library Elevation of
Privilege Vulnerability
Source: Microsoft

Known Exploited Vulnerability
 CVE-2021-28310 Win32k Elevation of Privilege Vulnerability
Source: Microsoft
Affected Products: Windows 10 1803 – 20H2
Windows Server, 1909 - 2004
Severity: Critical
Base CVSS 3.0 Score: 7.8

Microsoft Patch Tuesday Updates of Interest
 Advisory 990001 Latest Servicing Stack Updates (SSU)
 https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001
 Updated SSUs this month
 See Table
 Development Tool and Other Updates
 Azure DevOps Server 2019-2020
 Azure @azure/ms-rest-nodeauth
 Azure Sphere
 Team Foundation Server 2015-2018
 Visual Studio 2015-2019
 Visual Studio Code (multiple components)
Source: Microsoft

Windows 10 Lifecycle Awareness
Windows 10 Enterprise and Education
Version Release Date End of Support Date
20H2 10/20/2020 5/9/2023
2004 5/27/2020 12/14/2021
1909 11/12/2019 5/10/2022
1903 5/21/2019 12/8/2020
1809 11/13/2018 5/11/2021
1803 4/30/2018 5/11/2021
1709 10/17/2017 10/13/2020
Windows Datacenter and Standard Server
Version Release Date End of Support Date
20H2 10/20/2020 5/10/2022
2004 5/27/2020 12/14/2021
1909 11/12/2019 5/11/2021
1903 5/21/2019 12/8/2020
 Lifecycle Fact Sheet
 https://docs.microsoft.com/en-us/lifecycle/faq/windows
 https://docs.microsoft.com/en-us/lifecycle/products/windows-server
 https://docs.microsoft.com/en-us/lifecycle/products/windows-10-enterprise-
and-education

Patch Content Announcements
 Announcements Posted on Community Forum Pages
 https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
 Subscribe to receive email for the desired product(s)

Bulletins and Releases

MS21-04-W10: Windows 10 Update
 Maximum Severity: Critical
 Affected Products: Microsoft Windows 10 Versions 1607, 1709, 1803, 1809, 1903,
1909, 2004, 20H2, Server 2016, Server 2019, Server version 1909, Server version
2004, Server version 20H2, IE 11, Legacy Edge and Edge Chromium
 Description: This bulletin references 6 KB articles. See KBs for the list of changes.
 Impact: Remote Code Execution, Security Feature Bypass, Spoofing, Denial of
Service, Elevation of Privilege and Information Disclosure
 Fixes 79 Vulnerabilities: CVE-2021-28312 and CVE-2021-28437 are publicly
disclosed. CVE-2021-28310 is known exploited. See the Security Update Guide for
the complete list of CVEs.
 Restart Required: Requires restart
 Known Issues: See next slides

April Known Issues for Windows 10
 KB 5001347 – Windows 10, Version 1607 and Server 2016
 [Min Password] After installing KB4467684, the cluster service may fail to start with
the error “2245 (NERR_PasswordTooShort)” if the group policy “Minimum
Password Length” is configured with greater than 14 characters. Workaround:
Set the domain default "Minimum Password Length" policy to less than or equal to
14 characters. Microsoft is working on a resolution.
 KB 5001342 – Windows 10, Version 1809, Server 2019
 [Asian Packs] After installing KB 4493509, devices with some Asian language
packs installed may receive the error, "0x800f0982 -
PSFX_E_MATCHING_COMPONENT_NOT_FOUND.“ Workaround: Uninstall
and reinstall any recently added language packs or select Check for Updates and
install the April 2019 Cumulative Update. See KB for more recovery details.
Microsoft is working on a resolution.

April Known Issues for Windows 10 (cont)
 KB 5001337 – Windows 10 version 1909, Windows Server version 1909
 [Outdated Updates] System and user certificates might be lost when updating a
device from Windows 10, version 1809 or later to a later version of Windows 10.
This primarily happens when managed devices are updated using outdated
bundles or media through an update management tool such as Windows Server
Update Services (WSUS) or Microsoft Endpoint Configuration Manager.
Note: Devices using Windows Update for Business or that connect directly to
Windows Update are not impacted.
Workaround: If you have already encountered this issue on your device, you can
mitigate it within the uninstall window by going back to your previous version of
Windows. The uninstall window might be 10 or 30 days depending on the
configuration of your environment and the version you’re updating to. See
directions here.
Microsoft is working on a resolution.

April Known Issues for Windows 10 (cont)
 KB 5001330 – Windows 10 version 2004, Windows Server version
2004, Windows 10 version 20H2, Windows Server version 20H2
 [Editor] When using the Microsoft Japanese Input Method Editor (IME) to enter
Kanji characters in an app that automatically allows the input of Furigana
characters, you might not get the correct Furigana characters. You might need to
enter the Furigana characters manually. Workaround: Microsoft is working on a
resolution.
 [Outdated Updates]

MS21-04-MR2K8-ESU: Monthly Rollup for Windows Server 2008
 Affected Products: Microsoft Windows Server 2008 and IE 9
 Description: This security update includes improvements and fixes that were a part
of update KB 5000844 (released March 9, 2021). Bulletin is based on KB 5001389.
Security updates to Windows Apps, Windows Hybrid Cloud Networking, Windows
Kernel, and Windows Media.
 Impact: Remote Code Execution, Spoofing, Denial of Service, Elevation of Privilege
and Information Disclosure
 Fixes 47 Vulnerabilities: CVE-2021-28437 is publicly disclosed. See the Security
Update Guide for the complete list of CVEs.
 Known Issues: [File Rename] See next slide.

April Known Issues for Server 2008
 KB 5001389 – Windows Server 2008 (Monthly Rollup)
 [File Rename] Certain operations, such as rename, that you perform on files or folders that
are on a Cluster Shared Volume (CSV) may fail with the error,
“STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform
the operation on a CSV owner node from a process that doesn’t have administrator
privilege. Workaround: Perform the operation from a process that has administrator
privilege or perform the operation from a node that doesn’t have CSV ownership. Microsoft
is working on a resolution.
 KB 5001332 – Windows Server 2008 (Security-only Update)
 [File Rename]

MS21-04-SO2K8-ESU: Security-only Update for Windows Server 2008
 Affected Products: Microsoft Windows Server 2008
 Description: Bulletin is based on KB 5001332. Security updates to Windows Apps,
Windows Hybrid Cloud Networking, Windows Kernel, and Windows Media.
 Impact: Remote Code Execution, Spoofing, Denial of Service, Elevation of Privilege
and Information Disclosure
 Fixes 47 Vulnerabilities: CVE-2021-28437 is publicly disclosed. No CVEs are
known exploited. See the Security Update Guide for the complete list of CVEs.
 Known Issues: [File Rename] See previous slide.

MS21-04-MR7-ESU: Monthly Rollup for Win 7
MS21-04-MR2K8R2-ESU Monthly Rollup for Server 2008 R2
 Affected Products: Microsoft Windows 7, Server 2008 R2, and IE
RemoteFX vGPU feature removed from codebase. Security updates to Windows Apps,
Windows Hybrid Cloud Networking, Windows Kernel, and Windows Media.
disclosed. See the Security Update Guide for the complete list of CVEs.
 Known Issues: [File Rename]

MS21-04-SO7-ESU: Security-only Update for Win 7
MS21-04-SO2K8R2-ESU: Security-only Update for Server 2008 R2
 Affected Products: Microsoft Windows 7 and Server 2008 R2
Windows Hybrid Cloud Networking, and Windows Media.

MS21-04-MR8: Monthly Rollup for Server 2012
 Affected Products: Microsoft Windows Server 2012 and IE
 Description: This security update includes improvements and fixes that were a part of
update KB 5000847 (released March 9, 2021). Bulletin is based on KB 5001387.
RemoteFX vGPU feature removed from codebase. Security updates to Windows Apps,
Windows Input and Composition, Windows Hybrid Cloud Networking, Windows Kernel,
and Windows Media.
 Impact: Remote Code Execution, Security Feature Bypass, Spoofing, Denial of Service,
Elevation of Privilege and Information Disclosure

MS21-04-SO8: Security-only Update for Windows Server 2012
 Affected Products: Microsoft Windows Server 2012
Windows Input and Composition, Windows Hybrid Cloud Networkin2, Windows Kernel,
and Windows Media.

MS21-04-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2
 Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE
RemoteFX vGPU feature removed from codebase. Security updates to Windows Input
and Composition, Windows Fundamentals, Windows Hybrid Cloud Networking,
Windows Kernel, and Windows Media.

MS21-04-SO81: Security-only Update for Win 8.1 and Server 2012 R2
 Affected Products: Microsoft Windows 8.1, Server 2012 R2
 Description: Bulletin is based on KB 5001393. Security updates to Windows Input
and Composition, Windows Fundamentals, Windows Hybrid Cloud Networking,
Windows Kernel, and Windows Media.

MS21-04-EXCH: Security Updates for Exchange Server
 Affected Products: Microsoft Exchange Server 2013 - 2019
 Description: This security update fixes vulnerabilities in Microsoft
Exchange. This bulletin is based on KB 5001779.
 Impact: Remote Code Execution
 Fixes 4 Vulnerabilities: No CVEs are publicly disclosed or known
exploited. CVE-2021-28480, CVE-2021-28481, CVE-2021-28482,
and CVE-2021-28483 are fixed in this release.
 Known Issues: Must install update with administrator privileges

MS21-04-OFF: Security Updates for Microsoft Office
 Maximum Severity: Important
 Affected Products: Excel 2010-2016, Office 2010-2016, Office 2019 for macOS,
Office Online Server, Office Web Apps 2010 and 2013, Outlook 2010-2016, Word
2010-2016.
 Description: This security update resolves multiple vulnerabilities in Microsoft Office
applications. Consult the Security Update Guide for specific details on each. This
bulletin references 23 KB articles plus release notes for the macOS Office.
 Impact: Remote Code Execution and Information Disclosure
 Fixes 6 Vulnerabilities: No vulnerabilities are publicly disclosed or known
exploited. CVE-2021-28449, CVE-2021-28451, CVE-2021-28452, CVE-2021-28453,
CVE-2021-28454, and CVE-2021-28456 are fixed in this release.
 Restart Required: Requires application restart
 Known Issues: None reported

MS21-04-O365: Security Updates Microsoft 365 Apps and Office 2019
 Affected Products: Microsoft 365 Apps, Office 2019
 Description: This month’s update resolved various bugs and performance issues in
Microsoft 365 Apps and Office 2019 applications. Information on Microsoft 365 Apps
security updates is available at https://docs.microsoft.com/en-
us/officeupdates/microsoft365-apps-security-updates.
 Impact: Remote Code Execution and Information Disclosure
 Fixes 6 Vulnerabilities: No vulnerabilities are publicly disclosed or known
exploited. CVE-2021-28449, CVE-2021-28451, CVE-2021-28452, CVE-2021-28453,
CVE-2021-28454, and CVE-2021-28456 are fixed in this release.
 Restart Required: Requires application restart

MS21-04-SPT: Security Updates for SharePoint Server
 Affected Products: Microsoft SharePoint Server 2010, Microsoft SharePoint
Foundation Server 2013, Microsoft SharePoint Enterprise Server 2016, and Microsoft
SharePoint Server 2019
 Description: This security update resolves vulnerabilities in Microsoft Office that
could allow remote code execution if a user opens a specially crafted Office file. This
bulletin is based on 8 KB articles.
 Impact: Remote Code Execution and Denial of Service
 Fixes 2 Vulnerabilities: No CVEs are publicly disclosed or known exploited. CVE-
2021-28450 and CVE-2021-28453 are fixed in this release.

Between Patch Tuesdays

Release Summary
 Security Updates: Google Chrome (2), Firefox (1), Firefox ESR (1), Cisco Jabber
(1), Node.JS (4), SeaMonkey (1), Thunderbird (2), VMware Horizon Client (1),
Wireshark (2)
 Non-Security Updates: AIMP (1), Allway Sync (1), Adobe Acrobat and Reader (1),
Audacity (1), Bandicut (2), Box Edit (1), CCleaner (1), ClickShare (1), Falcon sensor for
Window (2), Citrix Workspace App (2), CutePDF Writer (1), DropBox (2), Evernote (2),
Firefox (1), Foxit Reader (1), FileZilla Client (2), Foxit PhantomPDF (1), GoodSync (8),
GIMP (1), GIT for windows (2), Google Backup and Sync (1), Cisco Jabber (1),
BlueJeans (1), LibreOffice (2), LogMeIn (1), Malwarebytes (1), Nitro Pro (2), Node.JS (3),
Notepad (2), Opera (5), Pidgin (2), Plex Media Server (4), PSPad (1), PeaZip (1), R for
Windows (1), RingCentral App (1), RedHat OpenJDK (3), Royal TS (2), RealVNC Server
(1), Slack Machine-Wide Installer (1), Snagit (1), Splunk Universal Forwarder (1),
Sourcetree (1), Tableau Desktop (9), Tableau Reader (2), TortoiseGit (1), TortoiseHG (1),
Apache Tomcat (4), TeamViewer (7), VMware Horizon Client (2), VMware Workstation
(1), Cisco WebEx Teams (2), Zoom Client (2), Zoom Outlook Plugin (2)

Third Party CVE Information (cont)
 Cisco Jabber 12.9.5.305511
 JABBER-210201, QJABBER1295305511
 Fixes 5 Vulnerabilities: CVE-2021-1411, CVE-2021-1417, CVE-2021-1418, CVE-
2021-1469, CVE-2021-1471
 Google Chrome 89.0.4389.90
 CHROME-210312, QGC890438990
 Fixes 3 Vulnerabilities: CVE-2021-21191, CVE-2021-21192, CVE-2021-21193
 Google Chrome 89.0.4389.114
 CHROME-2103312, QGC8904389114
 Fixes 6 Vulnerabilities: CVE-2021-21194, CVE-2021-21195, CVE-2021-21196,
CVE-2021-21197, CVE-2021-21198, CVE-2021-21199

Third Party CVE Information
 Firefox 87.0
 FF-210323, QFF870
CVE-2021-23984, CVE-2021-23985, CVE-2021-23986, CVE-2021-23987, CVE-
2021-23988
 Firefox ESR 78.9.0
 FFE-210323, QFFE7890
CVE-2021-23987
 VMware Horizon Client 5.5.1
 VMWH5-210323, QVMWH551
 Fixes 1 Vulnerability: CVE-2020-3991

Third Party CVE Information
 Node.JS 15.14.0 (Current)
 NOJSC-210406, QNODEJSC15140
 Node.JS 12.22.1 (LTS Lower)
 NOJSLL-210406, QNODEJSLL12221
 Node.JS 14.16.1 (LTS Upper)
 NOJSLU-210406, QNODEJSLU14161
 Node.JS 10.24.1 (Maintain)
 NOJSM-210406, QNODEJSLL10241

 SeaMonkey 2.53.7
 SM20-210330, QSM2537
CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-
2018-12366, CVE-2018-12367, CVE-2018-12368, CVE-2018-12371, CVE-2018-
5156, CVE-2018-5187, CVE-2018-5188
 Thunderbird 78.9.0
 TB-210325, QTB7890
CVE-2021-23987

 Thunderbird 78.9.1
 TB-210409, QTB7891
 Fixes 2 Vulnerabilities: CVE-2021-23991, CVE-2021-23993
 Wireshark 3.2.12
 WIRES32-210311, QWIRES3212
 Wireshark 3.4.4
 WIRES32-210311, QWIRES344

Q & A

Prochain Rendez-Vous Patch Tuesday
 Mardi 18 mai – 16h00
 Jeudi 10 juin – 16h00
 Mardi 20 juillet – 16h00
 Jeudi 12 août – 16h00
 Jeudi 16 septembre – 16h00
https://www.ivanti.fr/resources/patch-tuesday

French Patch Tuesday April 2021

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to French Patch Tuesday April 2021

Similar to French Patch Tuesday April 2021 (20)

More from Ivanti

More from Ivanti (20)

Recently uploaded

Recently uploaded (20)

French Patch Tuesday April 2021