13 January 2021

Microsoft addresses Defender zero day bug actively exploited in the wild



Microsoft has released its January 2021 Patch Tuesday security updates, which fix a total of 83 vulnerabilities affecting a wide range of the company’s products, including a zero-day issue that has been actively exploited in real-world attacks.

The flaw, tracked as CVE-2021-1647, is described as a remote code execution (RCE) vulnerability that allows malicious actors to execute code on vulnerable devices by tricking a user into opening a malicious document on a system where Windows Defender is installed. The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the system.

CVE-2021-1647 affects the following software versions:

  • Microsoft Security Essentials: All versions

  • Windows Defender on: Windows 8.1, Windows 10, Windows 10 1511, Windows 10 1607, Windows Server 2016, Windows 10 1703, Windows RT 8.1, Windows Server 2019, Windows 7 for 32-bit Systems Service Pack 1, Windows Server 2008, Windows Server 2012

  • Microsoft System Center Endpoint Protection: 2012, 2012 R2

The vulnerability was fixed in Microsoft Malware Protection Engine v1.1.17700.4.
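To confirm that a host runs the fixed engine, its reported engine build can be compared against v1.1.17700.4. The PowerShell below is an added example, not Microsoft's code: `Test-MpEngineVersion` and the inventory rows are hypothetical, and it assumes the Defender PowerShell module (`Get-MpComputerStatus`) is present on the host.

```powershell
# Fixed Malware Protection Engine build named in the article for CVE-2021-1647.
$FixedEngine = [version]'1.1.17700.4'

function Test-MpEngineVersion {
    # Hypothetical helper: classifies a reported engine version string.
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [string]$EngineVersion
    )
    $parsed = $null
    $state = if (-not [version]::TryParse($EngineVersion, [ref]$parsed)) {
        'Unknown'       # missing or unparsable value: needs manual follow-up
    } elseif ($parsed -eq [version]'0.0.0.0') {
        'Unknown'       # assumption: all zeros means no engine loaded, not an old build
    } elseif ($parsed -lt $FixedEngine) {
        'Vulnerable'    # numeric compare per field, so 1.1.9700.0 < 1.1.17700.4
    } else {
        'Fixed'
    }
    [pscustomobject]@{
        ComputerName  = $ComputerName
        EngineVersion = $EngineVersion
        State         = $state
    }
}

# Local host: Get-MpComputerStatus reports the engine build as AMEngineVersion.
try {
    $status = Get-MpComputerStatus -ErrorAction Stop
    Test-MpEngineVersion -ComputerName $env:COMPUTERNAME -EngineVersion $status.AMEngineVersion
} catch {
    # Cmdlet missing or service stopped: report Unknown rather than failing.
    Test-MpEngineVersion -ComputerName $env:COMPUTERNAME -EngineVersion ''
}

# Constructed inventory rows (not real hosts), e.g. exported from a management tool.
$inventory = @(
    @{ ComputerName = 'WS-001';  EngineVersion = '1.1.17700.4' }  # Fixed
    @{ ComputerName = 'WS-002';  EngineVersion = '1.1.17600.5' }  # Vulnerable
    @{ ComputerName = 'WS-003';  EngineVersion = '1.1.9700.0' }   # Vulnerable; a string compare would miss it
    @{ ComputerName = 'SRV-004'; EngineVersion = '' }             # Unknown
)
foreach ($row in $inventory) { Test-MpEngineVersion @row }
```

Hosts reported as `Unknown` should be followed up by hand, since a missing value says nothing about whether the engine update was applied.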

Besides CVE-2021-1647, the company has also fixed a security flaw (CVE-2021-1648) in the Windows splwow64 service that could be exploited to elevate privileges and bypass security restrictions.

In addition to the above flaws, January Patch Tuesday addresses a number of high-risk issues across multiple products, including Microsoft Word, Excel, Office, Microsoft Windows Media Foundation, Microsoft DTV-DVD Video Decoder, and Microsoft HEVC Video Extensions.
