Microsoft fixes Defender zero-day in January 2021 Patch Tuesday


Microsoft began rolling out its monthly set of security patches, known in the industry as Patch Tuesday, earlier today.

In this month’s updates, the Redmond-based company has patched a total of 83 vulnerabilities across a wide range of products, including its Windows operating system, cloud-based products, developer tools, and enterprise servers.

Microsoft Defender zero-day

But of all the bugs patched today, the most important one is a zero-day vulnerability in the Microsoft Defender antivirus, which Microsoft said was exploited before today’s patches were released.

Tracked as CVE-2021-1647, the vulnerability was described as a remote code execution (RCE) bug that allowed threat actors to execute code on vulnerable devices by tricking a user into opening a malicious document on a system where Defender is installed.

Microsoft said that despite exploitation being detected in the wild, the technique is not functional in all situations, and is still considered to be at a proof-of-concept level. However, the code could evolve for more reliable attacks.

To counteract future attacks, Microsoft has released patches for the Microsoft Malware Protection Engine, which won’t require any user interaction and will be installed automatically — unless specifically blocked by system administrators.
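Because the engine update arrives automatically unless an administrator has blocked it, the practical check is whether each machine actually received it. The script below is an added PowerShell example, not from Microsoft or the original article: `Get-MpComputerStatus` and its `AMEngineVersion` property ship with Defender, the minimum engine version is a mandatory parameter because this page does not state it, and the host list is an assumption.

```powershell
# Added example: report the Microsoft Malware Protection Engine version per host.
param(
    # First fixed engine version for CVE-2021-1647. Not stated on this page:
    # take it from Microsoft's advisory and pass it in (no default on purpose).
    [Parameter(Mandatory)]
    [version]$MinimumEngineVersion,

    # Hosts to query (assumption); defaults to the local machine only.
    [string[]]$ComputerName = @($env:COMPUTERNAME)
)

$results = foreach ($name in $ComputerName) {
    try {
        # -CimSession accepts a computer name and queries it remotely.
        $status = if ($name -eq $env:COMPUTERNAME) {
            Get-MpComputerStatus -ErrorAction Stop
        } else {
            Get-MpComputerStatus -CimSession $name -ErrorAction Stop
        }
        $engine = [version]$status.AMEngineVersion
        [pscustomobject]@{
            ComputerName  = $name
            EngineVersion = $engine
            ServiceOn     = $status.AMServiceEnabled
            SignaturesAt  = $status.AntivirusSignatureLastUpdated
            State         = if ($engine -ge $MinimumEngineVersion) { 'Patched' } else { 'BelowMinimum' }
        }
    } catch {
        # Unreachable host, or Defender absent or disabled: flag it instead of
        # skipping it, since these are the machines that need follow-up.
        [pscustomobject]@{
            ComputerName  = $name
            EngineVersion = $null
            ServiceOn     = $null
            SignaturesAt  = $null
            State         = "Unknown: $($_.Exception.Message)"
        }
    }
}

# Hosts that are unknown or below the minimum sort to the top of the report.
$results | Sort-Object { $_.State -eq 'Patched' }, ComputerName | Format-Table -AutoSize
```

Hosts reported as `BelowMinimum` or `Unknown` are the ones where the automatic engine update may be blocked or Defender is not reporting.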

Microsoft also fixes publicly disclosed Windows EoP bug

In addition to the Defender zero-day, Microsoft has also fixed a security flaw in the Windows splwow64 service that could be abused to elevate the privileges of an attacker’s code.

Details about this bug, tracked as CVE-2021-1648, were made public last month, on December 15, by Trend Micro’s Zero-Day Initiative project.

However, despite the details being publicly available, this bug wasn’t exploited in the wild, Microsoft said.

Nonetheless, system administrators are advised to review and apply today’s patches to avoid future headaches in case any of these vulnerabilities get weaponized and added to attackers’ arsenals.


Below are additional details about today’s Microsoft Patch Tuesday and security updates released by other tech companies:

  • Microsoft’s official Security Update Guide portal lists all security updates in a filterable table.
  • ZDNet has published this file listing all this month’s security advisories on one single page.
  • Adobe’s security updates are detailed here.
  • SAP security updates are available here.
  • Intel security updates are available here.
  • VMware security updates are available here.
  • Chrome 87 security updates are detailed here.
  • Android security updates are available here.

| Tag | CVE ID | CVE Title |
|---|---|---|
| .NET Repository | CVE-2021-1725 | Bot Framework SDK Information Disclosure Vulnerability |
| ASP.NET core & .NET core | CVE-2021-1723 | ASP.NET Core and Visual Studio Denial of Service Vulnerability |
| Azure Active Directory Pod Identity | CVE-2021-1677 | Azure Active Directory Pod Identity Spoofing Vulnerability |
| Microsoft Bluetooth Driver | CVE-2021-1683 | Windows Bluetooth Security Feature Bypass Vulnerability |
| Microsoft Bluetooth Driver | CVE-2021-1638 | Windows Bluetooth Security Feature Bypass Vulnerability |
| Microsoft Bluetooth Driver | CVE-2021-1684 | Windows Bluetooth Security Feature Bypass Vulnerability |
| Microsoft DTV-DVD Video Decoder | CVE-2021-1668 | Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability |
| Microsoft Edge (HTML-based) | CVE-2021-1705 | Microsoft Edge (HTML-based) Memory Corruption Vulnerability |
| Microsoft Graphics Component | CVE-2021-1709 | Windows Win32k Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2021-1696 | Windows Graphics Component Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2021-1665 | GDI+ Remote Code Execution Vulnerability |
| Microsoft Graphics Component | CVE-2021-1708 | Windows GDI+ Information Disclosure Vulnerability |
| Microsoft Malware Protection Engine | CVE-2021-1647 | Microsoft Defender Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2021-1713 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2021-1714 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2021-1711 | Microsoft Office Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2021-1715 | Microsoft Word Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2021-1716 | Microsoft Word Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2021-1712 | Microsoft SharePoint Elevation of Privilege Vulnerability |
| Microsoft Office SharePoint | CVE-2021-1707 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2021-1718 | Microsoft SharePoint Server Tampering Vulnerability |
| Microsoft Office SharePoint | CVE-2021-1717 | Microsoft SharePoint Spoofing Vulnerability |
| Microsoft Office SharePoint | CVE-2021-1719 | Microsoft SharePoint Elevation of Privilege Vulnerability |
| Microsoft Office SharePoint | CVE-2021-1641 | Microsoft SharePoint Spoofing Vulnerability |
| Microsoft RPC | CVE-2021-1702 | Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2021-1649 | Active Template Library Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2021-1676 | Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2021-1689 | Windows Multipoint Management Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2021-1657 | Windows Fax Compose Form Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2021-1646 | Windows WLAN Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2021-1650 | Windows Runtime C++ Template Library Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2021-1706 | Windows LUAFV Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2021-1699 | Windows (modem.sys) Information Disclosure Vulnerability |
| Microsoft Windows Codecs Library | CVE-2021-1644 | HEVC Video Extensions Remote Code Execution Vulnerability |
| Microsoft Windows Codecs Library | CVE-2021-1643 | HEVC Video Extensions Remote Code Execution Vulnerability |
| Microsoft Windows DNS | CVE-2021-1637 | Windows DNS Query Information Disclosure Vulnerability |
| SQL Server | CVE-2021-1636 | Microsoft SQL Elevation of Privilege Vulnerability |
| Visual Studio | CVE-2020-26870 | Visual Studio Remote Code Execution Vulnerability |
| Windows AppX Deployment Extensions | CVE-2021-1642 | Windows AppX Deployment Extensions Elevation of Privilege Vulnerability |
| Windows AppX Deployment Extensions | CVE-2021-1685 | Windows AppX Deployment Extensions Elevation of Privilege Vulnerability |
| Windows CryptoAPI | CVE-2021-1679 | Windows CryptoAPI Denial of Service Vulnerability |
| Windows CSC Service | CVE-2021-1652 | Windows CSC Service Elevation of Privilege Vulnerability |
| Windows CSC Service | CVE-2021-1654 | Windows CSC Service Elevation of Privilege Vulnerability |
| Windows CSC Service | CVE-2021-1659 | Windows CSC Service Elevation of Privilege Vulnerability |
| Windows CSC Service | CVE-2021-1653 | Windows CSC Service Elevation of Privilege Vulnerability |
| Windows CSC Service | CVE-2021-1655 | Windows CSC Service Elevation of Privilege Vulnerability |
| Windows CSC Service | CVE-2021-1693 | Windows CSC Service Elevation of Privilege Vulnerability |
| Windows CSC Service | CVE-2021-1688 | Windows CSC Service Elevation of Privilege Vulnerability |
| Windows Diagnostic Hub | CVE-2021-1680 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability |
| Windows Diagnostic Hub | CVE-2021-1651 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability |
| Windows DP API | CVE-2021-1645 | Windows Docker Information Disclosure Vulnerability |
| Windows Event Logging Service | CVE-2021-1703 | Windows Event Logging Service Elevation of Privilege Vulnerability |
| Windows Event Tracing | CVE-2021-1662 | Windows Event Tracing Elevation of Privilege Vulnerability |
| Windows Hyper-V | CVE-2021-1691 | Hyper-V Denial of Service Vulnerability |
| Windows Hyper-V | CVE-2021-1704 | Windows Hyper-V Elevation of Privilege Vulnerability |
| Windows Hyper-V | CVE-2021-1692 | Hyper-V Denial of Service Vulnerability |
| Windows Installer | CVE-2021-1661 | Windows Installer Elevation of Privilege Vulnerability |
| Windows Installer | CVE-2021-1697 | Windows InstallService Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2021-1682 | Windows Kernel Elevation of Privilege Vulnerability |
| Windows Media | CVE-2021-1710 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability |
| Windows NTLM | CVE-2021-1678 | NTLM Security Feature Bypass Vulnerability |
| Windows Print Spooler Components | CVE-2021-1695 | Windows Print Spooler Elevation of Privilege Vulnerability |
| Windows Projected File System Filter Driver | CVE-2021-1663 | Windows Projected File System FS Filter Driver Information Disclosure Vulnerability |
| Windows Projected File System Filter Driver | CVE-2021-1672 | Windows Projected File System FS Filter Driver Information Disclosure Vulnerability |
| Windows Projected File System Filter Driver | CVE-2021-1670 | Windows Projected File System FS Filter Driver Information Disclosure Vulnerability |
| Windows Remote Desktop | CVE-2021-1674 | Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability |
| Windows Remote Desktop | CVE-2021-1669 | Windows Remote Desktop Security Feature Bypass Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2021-1701 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2021-1700 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2021-1666 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2021-1664 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2021-1671 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2021-1673 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2021-1658 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2021-1667 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2021-1660 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows splwow64 | CVE-2021-1648 | Microsoft splwow64 Elevation of Privilege Vulnerability |
| Windows TPM Device Driver | CVE-2021-1656 | TPM Device Driver Information Disclosure Vulnerability |
| Windows Update Stack | CVE-2021-1694 | Windows Update Stack Elevation of Privilege Vulnerability |
| Windows WalletService | CVE-2021-1686 | Windows WalletService Elevation of Privilege Vulnerability |
| Windows WalletService | CVE-2021-1681 | Windows WalletService Elevation of Privilege Vulnerability |
| Windows WalletService | CVE-2021-1690 | Windows WalletService Elevation of Privilege Vulnerability |
| Windows WalletService | CVE-2021-1687 | Windows WalletService Elevation of Privilege Vulnerability |
