
Microsoft fixes Defender zero-day in January 2021 Patch Tuesday

Earlier today, Microsoft started rolling out its monthly set of security patches, known in the industry as Patch Tuesday.

In this month’s updates, the Redmond-based company has patched a total of 83 vulnerabilities across a wide range of products, including its Windows operating system, cloud-based products, developer tools, and enterprise servers.

Microsoft Defender zero-day

But of all the bugs patched today, the most important one is a zero-day vulnerability in the Microsoft Defender antivirus, which Microsoft said was exploited before today’s patches were released.

Tracked as CVE-2021-1647, the vulnerability was described as a remote code execution (RCE) bug that allowed threat actors to execute code on vulnerable devices by tricking a user into opening a malicious document on a system where Defender is installed.

Microsoft said that despite exploitation being detected in the wild, the technique is not functional in all situations, and is still considered to be at a proof-of-concept level. However, the code could evolve for more reliable attacks.

To counteract future attacks, Microsoft has released patches for the Microsoft Malware Protection Engine, which won’t require any user interaction and will be installed automatically — unless specifically blocked by system administrators.

Microsoft also fixes publicly disclosed Windows EoP bug

In addition to the Defender zero-day, Microsoft has also fixed a security flaw in the Windows splwow64 service that could be abused to elevate the privileges of an attacker’s code.

Details about this bug, tracked as CVE-2021-1648, were made public last month, on December 15, by Trend Micro’s Zero-Day Initiative project.

However, despite the details being publicly available, this bug wasn’t exploited in the wild, Microsoft said.

Nonetheless, system administrators are advised to review and apply today’s patches to avoid future headaches in case any of these vulnerabilities are weaponized and added to attackers’ arsenals.


Below are additional details about today’s Microsoft Patch Tuesday and security updates released by other tech companies:

  • Microsoft’s official Security Update Guide portal lists all security updates in a filterable table.
  • ZDNet has published this file listing all this month’s security advisories on one single page.
  • Adobe’s security updates are detailed here.
  • SAP security updates are available here.
  • Intel security updates are available here.
  • VMware security updates are available here.
  • Chrome 87 security updates are detailed here.
  • Android security updates are available here.

| Tag | CVE ID | CVE Title |
|---|---|---|
| .NET Repository | CVE-2021-1725 | Bot Framework SDK Information Disclosure Vulnerability |
| ASP.NET core & .NET core | CVE-2021-1723 | ASP.NET Core and Visual Studio Denial of Service Vulnerability |
| Azure Active Directory Pod Identity | CVE-2021-1677 | Azure Active Directory Pod Identity Spoofing Vulnerability |
| Microsoft Bluetooth Driver | CVE-2021-1683 | Windows Bluetooth Security Feature Bypass Vulnerability |
| Microsoft Bluetooth Driver | CVE-2021-1638 | Windows Bluetooth Security Feature Bypass Vulnerability |
| Microsoft Bluetooth Driver | CVE-2021-1684 | Windows Bluetooth Security Feature Bypass Vulnerability |
| Microsoft DTV-DVD Video Decoder | CVE-2021-1668 | Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability |
| Microsoft Edge (HTML-based) | CVE-2021-1705 | Microsoft Edge (HTML-based) Memory Corruption Vulnerability |
| Microsoft Graphics Component | CVE-2021-1709 | Windows Win32k Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2021-1696 | Windows Graphics Component Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2021-1665 | GDI+ Remote Code Execution Vulnerability |
| Microsoft Graphics Component | CVE-2021-1708 | Windows GDI+ Information Disclosure Vulnerability |
| Microsoft Malware Protection Engine | CVE-2021-1647 | Microsoft Defender Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2021-1713 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2021-1714 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2021-1711 | Microsoft Office Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2021-1715 | Microsoft Word Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2021-1716 | Microsoft Word Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2021-1712 | Microsoft SharePoint Elevation of Privilege Vulnerability |
| Microsoft Office SharePoint | CVE-2021-1707 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2021-1718 | Microsoft SharePoint Server Tampering Vulnerability |
| Microsoft Office SharePoint | CVE-2021-1717 | Microsoft SharePoint Spoofing Vulnerability |
| Microsoft Office SharePoint | CVE-2021-1719 | Microsoft SharePoint Elevation of Privilege Vulnerability |
| Microsoft Office SharePoint | CVE-2021-1641 | Microsoft SharePoint Spoofing Vulnerability |
| Microsoft RPC | CVE-2021-1702 | Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2021-1649 | Active Template Library Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2021-1676 | Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2021-1689 | Windows Multipoint Management Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2021-1657 | Windows Fax Compose Form Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2021-1646 | Windows WLAN Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2021-1650 | Windows Runtime C++ Template Library Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2021-1706 | Windows LUAFV Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2021-1699 | Windows (modem.sys) Information Disclosure Vulnerability |
| Microsoft Windows Codecs Library | CVE-2021-1644 | HEVC Video Extensions Remote Code Execution Vulnerability |
| Microsoft Windows Codecs Library | CVE-2021-1643 | HEVC Video Extensions Remote Code Execution Vulnerability |
| Microsoft Windows DNS | CVE-2021-1637 | Windows DNS Query Information Disclosure Vulnerability |
| SQL Server | CVE-2021-1636 | Microsoft SQL Elevation of Privilege Vulnerability |
| Visual Studio | CVE-2020-26870 | Visual Studio Remote Code Execution Vulnerability |
| Windows AppX Deployment Extensions | CVE-2021-1642 | Windows AppX Deployment Extensions Elevation of Privilege Vulnerability |
| Windows AppX Deployment Extensions | CVE-2021-1685 | Windows AppX Deployment Extensions Elevation of Privilege Vulnerability |
| Windows CryptoAPI | CVE-2021-1679 | Windows CryptoAPI Denial of Service Vulnerability |
| Windows CSC Service | CVE-2021-1652 | Windows CSC Service Elevation of Privilege Vulnerability |
| Windows CSC Service | CVE-2021-1654 | Windows CSC Service Elevation of Privilege Vulnerability |
| Windows CSC Service | CVE-2021-1659 | Windows CSC Service Elevation of Privilege Vulnerability |
| Windows CSC Service | CVE-2021-1653 | Windows CSC Service Elevation of Privilege Vulnerability |
| Windows CSC Service | CVE-2021-1655 | Windows CSC Service Elevation of Privilege Vulnerability |
| Windows CSC Service | CVE-2021-1693 | Windows CSC Service Elevation of Privilege Vulnerability |
| Windows CSC Service | CVE-2021-1688 | Windows CSC Service Elevation of Privilege Vulnerability |
| Windows Diagnostic Hub | CVE-2021-1680 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability |
| Windows Diagnostic Hub | CVE-2021-1651 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability |
| Windows DP API | CVE-2021-1645 | Windows Docker Information Disclosure Vulnerability |
| Windows Event Logging Service | CVE-2021-1703 | Windows Event Logging Service Elevation of Privilege Vulnerability |
| Windows Event Tracing | CVE-2021-1662 | Windows Event Tracing Elevation of Privilege Vulnerability |
| Windows Hyper-V | CVE-2021-1691 | Hyper-V Denial of Service Vulnerability |
| Windows Hyper-V | CVE-2021-1704 | Windows Hyper-V Elevation of Privilege Vulnerability |
| Windows Hyper-V | CVE-2021-1692 | Hyper-V Denial of Service Vulnerability |
| Windows Installer | CVE-2021-1661 | Windows Installer Elevation of Privilege Vulnerability |
| Windows Installer | CVE-2021-1697 | Windows InstallService Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2021-1682 | Windows Kernel Elevation of Privilege Vulnerability |
| Windows Media | CVE-2021-1710 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability |
| Windows NTLM | CVE-2021-1678 | NTLM Security Feature Bypass Vulnerability |
| Windows Print Spooler Components | CVE-2021-1695 | Windows Print Spooler Elevation of Privilege Vulnerability |
| Windows Projected File System Filter Driver | CVE-2021-1663 | Windows Projected File System FS Filter Driver Information Disclosure Vulnerability |
| Windows Projected File System Filter Driver | CVE-2021-1672 | Windows Projected File System FS Filter Driver Information Disclosure Vulnerability |
| Windows Projected File System Filter Driver | CVE-2021-1670 | Windows Projected File System FS Filter Driver Information Disclosure Vulnerability |
| Windows Remote Desktop | CVE-2021-1674 | Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability |
| Windows Remote Desktop | CVE-2021-1669 | Windows Remote Desktop Security Feature Bypass Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2021-1701 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2021-1700 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2021-1666 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2021-1664 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2021-1671 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2021-1673 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2021-1658 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2021-1667 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2021-1660 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows splwow64 | CVE-2021-1648 | Microsoft splwow64 Elevation of Privilege Vulnerability |
| Windows TPM Device Driver | CVE-2021-1656 | TPM Device Driver Information Disclosure Vulnerability |
| Windows Update Stack | CVE-2021-1694 | Windows Update Stack Elevation of Privilege Vulnerability |
| Windows WalletService | CVE-2021-1686 | Windows WalletService Elevation of Privilege Vulnerability |
| Windows WalletService | CVE-2021-1681 | Windows WalletService Elevation of Privilege Vulnerability |
| Windows WalletService | CVE-2021-1690 | Windows WalletService Elevation of Privilege Vulnerability |
| Windows WalletService | CVE-2021-1687 | Windows WalletService Elevation of Privilege Vulnerability |


Source: Information Technologies - zdnet.com
