15 January 2021

Vulnerability summary for the week: January 15, 2021



This week, Microsoft released its first major patch round of 2021, fixing a total of 83 vulnerabilities affecting a wide range of the company’s products, including a zero-day issue that has been actively exploited in real-world attacks.

The flaw, tracked as CVE-2021-1647, is described as a remote code execution (RCE) vulnerability that allows malicious actors to execute code on vulnerable devices by tricking a user into opening a malicious document on a system where Windows Defender is installed. The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the system.

The vulnerability was fixed in Microsoft Malware Protection Engine v1.1.17700.4.

Besides CVE-2021-1647, the company has also fixed a security flaw (CVE-2021-1648) in the Windows splwow64 service that could be exploited to elevate privileges and bypass security restrictions.

In addition to the above flaws, January Patch Tuesday addresses a number of high-risk issues across multiple products, including Microsoft Word, Excel, Office, Microsoft Windows Media Foundation, Microsoft DTV-DVD Video Decoder, and Microsoft HEVC Video Extensions.

Adobe has also rolled out a batch of security updates resolving a number of vulnerabilities that can lead to code execution. The security updates address issues across several of the tech giant’s products, including Photoshop, Animate, Bridge, InCopy, Captivate, and Campaign Classic.

Red Hat Quay, a private container registry, contains multiple vulnerabilities, including over two dozen flaws that could be exploited for remote code execution. The impacted software versions include Red Hat Quay 3.3.0 and 3.3.1. The remaining bugs allow an attacker to perform cross-site scripting (XSS) attacks, gain access to important data, or bypass security restrictions.

Multiple vulnerabilities have been found in several Siemens products, including Siemens Solid Edge, Siemens SCALANCE X-300 Switches, and Siemens SCALANCE X-200 and SCALANCE X-200IRT Switches. The most severe of the bugs (CVE-2021-22697, CVE-2021-22698, CVE-2020-28391, CVE-2020-25226, CVE-2020-28381, CVE-2020-28382, CVE-2020-28383, CVE-2020-28384, CVE-2020-28386, CVE-2020-26989) can be used by a remote attacker to compromise a vulnerable system. Note: there are no patches available for Siemens SCALANCE X-300 Switches, or for Siemens SCALANCE X-200 and SCALANCE X-200IRT Switches.

Juniper Junos Space Network Management Platform has over 40 security vulnerabilities, 6 of which are considered high-risk as they allow code execution (CVE-2020-2604, CVE-2020-2803, CVE-2020-2805, CVE-2020-5208, CVE-2020-8616, CVE-2019-11745). The flaws affect Juniper Junos Space versions before 20.3R1.

A couple of vulnerabilities were discovered in the Schneider Electric EcoStruxure Power Build-Rapsody software (CVE-2021-22697, CVE-2021-22698), which could be leveraged to take over a vulnerable system. The vulnerable software version is EcoStruxure Power Build - Rapsody 2.1.13.

At the time of writing, the manufacturer has not yet released a security update for these bugs, so they remain unpatched.

Mozilla has fixed a high-risk vulnerability (CVE-2020-16044) in its Thunderbird email client that could allow a remote attacker to compromise a vulnerable system. The flaw affects the following software versions: Mozilla Thunderbird 60.0, 60.2.1, 60.3, 60.3.0, 60.3.1, 60.3.2, 60.3.3, 60.4, 60.4.0, 60.5, 60.5.0, 60.5.1, 60.5.2, 60.5.3, 60.6.0, 60.6.1, 60.7.0, 60.7.1, 60.7.2, 60.8.0, 60.9.0, 60.9.1, 68.0, 68.1.0, 68.1.1, 68.1.2, 68.2.0, 68.2.1, 68.2.2, 68.3.0, 68.3.1, 68.4.1, 68.4.2, 68.5.0, 68.6.0, 68.7.0, 68.8.0, 68.8.1, 68.9.0, 68.10.0, 68.11.0, 68.12.0, 68.12.1, 78.0, 78.0.1, 78.1.0, 78.1.1, 78.2.0, 78.2.1, 78.2.2, 78.3.0, 78.3.1, 78.3.2, 78.3.3, 78.4.0, 78.4.1, 78.4.2, 78.4.3, 78.5.0, 78.5.1, 78.6.0.
