Microsoft Patches Microsoft Defender Zero-day Vulnerability
On Tuesday, January 12th, Microsoft released the first scheduled security updates for its products this year. The January patches fix a total of 83 vulnerabilities in Windows OS, cloud products, developer tools and corporate servers.
Of all the vulnerabilities patched, the most serious is a zero-day vulnerability in Microsoft Defender, which was exploited by hackers before the patch was released. CVE-2021-1647 is a remote code execution vulnerability that could allow an attacker to execute code on a system running an affected Microsoft Defender by getting the victim to open a malicious document.
According to Microsoft, although the vulnerability is already being used in real attacks, the exploitation technique does not work in all cases, and the exploit is still at the proof-of-concept (PoC) level. However, this does not mean that it cannot evolve over time into a full-fledged tool for more reliable attacks.
To prevent possible attacks, Microsoft has released patches for the Microsoft Malware Protection Engine. The update is installed automatically and requires no user action, unless an administrator has blocked it.
The January patches also fix an out-of-bounds read vulnerability in Windows that was disclosed by the Trend Micro Zero-Day Initiative last month. CVE-2021-1648 allows a local attacker to disclose sensitive information. To exploit this vulnerability, an attacker must first be able to execute code with low privileges on the target system.
Although the vulnerability was disclosed on December 15, no evidence of its exploitation in actual attacks has yet been found. However, system administrators are strongly encouraged to install the patch to avoid possible future consequences.