Microsoft's April 2021 Patch Tuesday Addresses 108 CVEs

On April 13, Microsoft published its monthly security update, known as Patch Tuesday. In this month’s Patch Tuesday release, Microsoft addressed 108 CVEs, including 19 rated critical.

This month’s release contains fixes for four newly discovered vulnerabilities in Microsoft Exchange Server, as well as a zero-day in Win32k that was exploited in the wild.

Microsoft addressed vulnerabilities across the following products, features and roles:

• Azure AD Web Sign-in
• Azure DevOps
• Azure Sphere
• Microsoft Edge (Chromium-based)
• Microsoft Exchange Server
• Microsoft Graphics Component
• Microsoft Internet Messaging API
• Microsoft NTFS
• Microsoft Office Excel
• Microsoft Office Outlook
• Microsoft Office SharePoint
• Microsoft Office Word
• Microsoft Windows Codecs Library
• Microsoft Windows Speech
• Open Source Software
• Role: DNS Server
• Role: Hyper-V
• Visual Studio
• Visual Studio Code
• Visual Studio Code - GitHub Pull Requests and Issues Extension
• Visual Studio Code - Kubernetes Tools
• Visual Studio Code - Maven for Java Extension
• Windows Application Compatibility Cache
• Windows AppX Deployment Extensions
• Windows Console Driver
• Windows Diagnostic Hub
• Windows Early Launch Antimalware Driver
• Windows ELAM
• Windows Event Tracing
• Windows Installer
• Windows Kernel
• Windows Media Player
• Windows Network File System
• Windows Overlay Filter
• Windows Portmapping
• Windows Registry
• Windows Remote Procedure Call Runtime
• Windows Resource Manager
• Windows Secure Kernel Mode
• Windows Services and Controller App
• Windows SMB Server
• Windows TCP/IP
• Windows Win32K
• Windows WLAN Auto Config Service

For more information about the notable vulnerabilities in this month’s Patch Tuesday,, including the availability of patches and Tenable product coverage, please visit our blog.