13 January 2021

Microsoft addresses Defender zero day bug actively exploited in the wild


Microsoft has released its January 2021 Patch Tuesday security updates, which fix a total of 83 vulnerabilities affecting a wide range of the company’s products, including a zero-day issue that has been actively exploited in real-world attacks.

The flaw, tracked as CVE-2021-1647, is described as a remote code execution (RCE) vulnerability that allows malicious actors to execute code on vulnerable devices by tricking a user into opening a malicious document on a system where Windows Defender is installed. The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the system.

CVE-2021-1647 affects the following software versions:

  • Microsoft Security Essentials: All versions

  • Windows Defender: Windows 8.1, Windows 10, Windows 10 1511, Windows 10 1607, Windows Server 2016, Windows 10 1703, Windows RT 8.1, Windows Server 2019, Windows 7 for 32-bit Systems Service Pack 1, Windows Server 2008, Windows Server 2012

  • Microsoft System Center Endpoint Protection: 2012, 2012 R2

The vulnerability was fixed in Microsoft Malware Protection Engine v1.1.17700.4.

Besides CVE-2021-1647, the company has also fixed a security flaw (CVE-2021-1648) in the Windows splwow64 service that could be exploited to elevate privileges and bypass security restrictions.

In addition to the above flaws, the January Patch Tuesday release addresses a number of high-risk issues across multiple products, including Microsoft Word, Excel, Office, Microsoft Windows Media Foundation, Microsoft DTV-DVD Video Decoder, and Microsoft HEVC Video Extensions.
