Yesterday marked the fourth Patch Tuesday of 2021! April’s Patch Tuesday yielded 108 new Microsoft security fixes, delivering the highest monthly total for 2021 (so far) and showing a return to the 100+ totals we consistently saw in 2020.
This month's release includes 19 critical vulnerabilities and a high-severity zero-day, CVE-2021-28310, that is currently being exploited in the wild. This vulnerability is a locally exploited Windows Win32K elevation of privilege bug. To exploit it, an attacker would first have to log on to the system, then run a specially crafted application. Successful exploitation would allow the attacker to execute code in the context of the kernel and gain SYSTEM privileges, giving access to critical Windows components and information.
Microsoft was not the only vendor shipping security fixes. Adobe released four security updates covering seven critical vulnerabilities across Adobe Photoshop, Adobe Digital Editions, Adobe Bridge, and RoboHelp. APSB21-28 addresses two critical arbitrary code execution vulnerabilities found in Adobe Photoshop, while APSB21-23 tackles four additional arbitrary code execution vulnerabilities in Adobe Bridge.
Plus, it's hard not to mention the zero-day remote code execution vulnerability posted on Twitter, which works on the current version of Google Chrome and Microsoft Edge.
You can find all of the Patch Tuesday updates from Microsoft, Google, and Adobe in our monthly Patch Tuesday Index, along with a highly detailed analysis of these patches from our Automox experts.