
Microsoft patches 83 vulnerabilities, including a 0-day bug in Defender


The first Patch Tuesday in 2021 brought fixes for 83 vulnerabilities in Microsoft products, 10 of which were classified as critical. Various patches have been released for Windows, Edge Browser, Microsoft Office and Microsoft Office Services and Web Apps, Microsoft Windows Codecs Library, Visual Studio, SQL Server, Microsoft Malware Protection Engine, .NET Core, .NET Repository, ASP .NET, and Azure.

The biggest issue this month is undoubtedly a zero-day vulnerability in the Microsoft Defender antivirus that attackers have already exploited. The bug is tracked as CVE-2021-1647 and is described as an RCE vulnerability in the Malware Protection Engine (mpengine.dll) that lets attackers execute arbitrary code on a vulnerable system simply by getting the victim to open a malicious document.

Microsoft says the 0-day was exploitable only under certain conditions and that, although real attacks using it have been discovered, those attacks are closer to theoretical ones and the attackers' exploit was experimental. However, none of this rules out the emergence of more reliable exploits in the future.

Although there are no details about the detected attacks so far, experts at the Trend Micro Zero-Day Initiative believe that this vulnerability may have played a role in the widely publicized SolarWinds hack.

Microsoft has released fixes for the Malware Protection Engine in version 1.1.17700.4, and the update will not require user interaction: the patches will be installed automatically.
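Because the update installs silently, it is worth confirming that the engine actually reached 1.1.17700.4. The following check is an added example, not from the original article or from Microsoft: it reads the engine version with the Defender `Get-MpComputerStatus` cmdlet, and the function names and the optional host list (queried over PowerShell remoting) are assumptions.

```powershell
# Fixed Malware Protection Engine version, as stated in the article.
$FixedEngine = [version]'1.1.17700.4'

function Test-MpEnginePatched {
    param([string]$EngineVersion)
    # Compare as [version], not as text: a constructed value such as
    # "1.1.9000.1" sorts after "1.1.17700.4" as a string but is the older engine.
    $parsed = $null
    if (-not [version]::TryParse($EngineVersion, [ref]$parsed)) { return $false }
    return ($parsed -ge $FixedEngine)
}

function Get-MpEnginePatchState {
    # $ComputerName is a hypothetical host list; when omitted, the local machine is checked.
    param([string[]]$ComputerName)
    $query = {
        Get-MpComputerStatus -ErrorAction Stop |
            Select-Object AMServiceEnabled, AMEngineVersion
    }
    $targets = if ($ComputerName) { $ComputerName } else { @($env:COMPUTERNAME) }
    foreach ($name in $targets) {
        try {
            $s = if ($ComputerName) {
                Invoke-Command -ComputerName $name -ScriptBlock $query -ErrorAction Stop
            } else {
                & $query
            }
            [pscustomobject]@{
                Host          = $name
                EngineVersion = $s.AMEngineVersion
                ServiceOn     = $s.AMServiceEnabled
                Patched       = Test-MpEnginePatched $s.AMEngineVersion
            }
        } catch {
            # Unreachable host or Defender cmdlets unavailable:
            # report the state as unknown rather than as patched.
            [pscustomobject]@{
                Host = $name; EngineVersion = $null; ServiceOn = $null; Patched = $null
            }
        }
    }
}

Get-MpEnginePatchState | Format-Table -AutoSize
```

A host that reports `Patched` as empty needs a manual look, since the engine version could not be read there.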

Other issues fixed this month include a vulnerability in the splwow64 Windows service that could be abused for privilege escalation (CVE-2021-1648). Although a detailed description of this bug was published last month by specialists at the Trend Micro Zero-Day Initiative, the vulnerability was not used in attacks.
