Microsoft’s First ‘Patch Tuesday’ of the Year Brings Fix for Defender Zero-Day

  • Microsoft has released the first patch of the year, and it’s a comprehensive set of fixes.
  • One noteworthy flaw is an actively exploited bug in Defender, which triggers an RCE scan.
  • Most of the addressed vulnerabilities are elevation of privilege, RCE, and information disclosure bugs.

The first ‘Patch Tuesday’ to kick-off 2021 has Microsoft fixing 83 vulnerabilities across its various products, with one being an actively exploited zero-day in Windows Defender (CVE-2021-1647). It is to be found on all Windows installations out there as it’s the default AV/AM tool of the OS.

The particular bug enables attackers to engage in remote code execution because of an error in handling the parsing of information structures in certain executables. One would have to craft a special file that would trigger a Windows Defender scan to exploit it.

One thing to clarify is that if the user has manually disabled the Defender or has installed a third-party AV product that automatically disables Microsoft’s tool, then the attack would not work. That said, if applying the patch right now is impossible, a temporary mitigation would be to deactivate Defender.

A second vulnerability that may be under active exploitation but not definitely is 'CVE-2021-1709'. This is a bug in the Win32k component, which could enable an attacker to gain escalation of privilege on the target system through memory corruption. This bug presupposed local access to the target system, so it’s not as critical.

Other notable important flaws that were fixed with the latest patch are the following:

  • CVE-2021-1707: SharePoint service flaw allowing access to a site and remote code execution within the kernel.
  • CVE-2021-1677: Identity spoofing vulnerability in Azure Active Directory Pod.
  • CVE-2021-1705: Memory corruption vulnerability in the HTML-based version of Microsoft Edge.
  • CVE-2021-1648: Elevation of privilege vulnerability in splwow64.
  • CVE-2021-1643: Code execution vulnerability in HEVC video files.
  • CVE-2021-1660: Remote procedure call runtime remote code execution flaw that is particularly easy to reproduce.
Source: Sophos

Of course, there are many more flaws, and their importance is not always reflected by the individual CVVS scores, as people use different components, configurations, and tools. Thus, the best way to stay safe and protected against hacking risks would be to just apply the patch and address everything.

As always, be sure to backup your data before applying the update, as things can always go wrong in the patching process. Even if you blindly trust Windows testers, a power outage during the update (which would lead to a corrupted filesystem) is always a possibility, so don’t risk it.

How to Watch Rescue: Extreme Medics Season 2 Online Free from Anywhere
Get ready to cheer out loud and feel the adrenaline rush! Why? Because Rescue: Extreme Medics Season 2 is coming soon. The...
How to Watch Scotland’s Home of the Year Season 5 Online Free from Anywhere
Scotland's Home of the Year Season 5 is set to premiere soon, and we have the premiere date, cast, plot, episode release...
How to Watch Family Law Season 2 Online from Anywhere
Family Law has a second season coming up soon, and you’ll be able to stream it online from anywhere in the world....
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari