Microsoft Issues Patches for Defender Zero-Day, 82 Other Windows Flaws
(The AEGIS Alliance) – For the main patch released on January 12, Tuesday of 2021, Microsoft launched security updates addressing 83 flaws in total across as many as 11 services and products, together with an actively exploited zero-day vulnerability.
The new security patches are for Microsoft Windows, Edge browser, ChakraCore, Office and Microsoft Office Services, and Web Apps, Visual Studio, Microsoft Malware Protection Engine, .NET Core, ASP .NET, and Azure. Of these 83 bugs, 10 made the Critical list, and 73 are labeled as Important in priority.
The most critical of the issues is a remote code execution (RCE) flaw in Microsoft Defender (CVE-2021-1647) that was able to enable cyber attackers to infect targeted systems with arbitrary code.
Microsoft Malware Protection Engine (mpengine.dll) gives the scanning, detection, and cleansing capabilities for the Microsoft Defender antivirus and antispyware software. The final version of Defender affected by the flaw is 1.1.17600.5 before it had been addressed in version 1.1.17700.4.
The bug has also been identified to have been actively exploited within the wild of the interwebs, though specifics are scarce on how widespread the cyber assaults are or how it was being exploited. In addition, a zero-click flaw is that the vulnerable system may be exploited with no interaction from a Windows user.
Microsoft mentioned that regardless of active exploitation, the approach shouldn’t be functional for all conditions and that the exploit continues to be thought to be at a proof-of-concept degree, with substantial modifications required for it to succeed.
Also, the flaw may have already been resolved as a part of automated updates to the Malware Protection Engine, which it normally releases once each month or when required to safeguard against recently found threats — unless the systems aren’t actively connected to the internet.
“For organizations that are configured for automatic updating, no actions should be required, but one of the first actions a threat actor or malware will try to attempt is to disrupt threat protection on a system so definition and engine updates are blocked,” Chris Goettl stated, senior director of product management and security at Ivanti.
Additionally, Tuesday’s patch resolves a privilege escalation flaw (CVE-2021-1648) released in an earlier patch with the GDI Print / Print Spooler API (“splwow64.exe”) that was disclosed by Google Project Zero in December 2020 after Microsoft did not resolve it inside 90 days of responsible disclosure on September 24.
Other included vulnerability fixes released by Microsoft are for memory corruption flaws in Microsoft Edge browser (CVE-2021-1705), a feature for a Windows Remote Desktop Protocol Core Security bypass flaw (CVE-2021-1674, CVSS rating 8.8), and five crucial RCE flaws in Remote Procedure Call Runtime.
To install the most recent security updates, Windows users can go over to Start > Settings > Update & Security > Windows Update, or by choosing to check for Windows updates.
Kyle James Lee – The AEGIS Alliance – This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
