VERT Threat Alert: April 2021 Patch Tuesday Analysis

VERT Threat Alert: April 2021 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s April 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-939 on Wednesday, April 14th.In-The-Wild & Disclosed CVEsCVE-2021-28310Borin Larin of Kaspersky Lab discovered this vulnerability being actively used for exploitation and suspects that it is tied to the BITTER APT group. Larin and co-authors have released a detailed technical write-up on this vulnerability that impacts the Desktop Window Manager.Microsoft has rated this as Exploit Detected on the latest software release on the Exploitability Index.CVE-2021-28312This publicly disclosed denial of service impacts the Windows NTFS file system. Windows 10 as well as Windows Server 2019 and Server version 20H2 are impacted.Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.CVE-2021-28437A publicly disclosed information disclosure in the Windows Installer could allow attackers to read from the file system. Based on the Microsoft security guidance, all versions of Windows from Windows 7 to Windows 10 and their associated server platforms are vulnerable.Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.CVE-2021-28458The ..