Microsoft Releases Patch for Actively Exploited Windows Defender Zero Day and 9 Other Critical Flaws

The first Patch Tuesday of 2021 has seen Microsoft release patches to fix 83 vulnerabilities across its range of products, including one zero-day vulnerability in Windows Defender that is being actively exploited in the wild. This month’s round of patches includes fixes for 10 critical and 73 important vulnerabilities in Windows OS, Edge, Office, Visual Studio, .Net Core, .Net Repository, ASP .Net, Azure, Malware Protection Engine and SQL Server.

The most serious vulnerability is the Windows Defender bug, which has been exploited in the wild for around 3 months. The vulnerability is tracked as CVE-2021-1647 and is in the Microsoft Malware Protection Engine. The flaw has been corrected in version 1.1.1770.4, which has already been pushed out to customers. However, it is possible that the flaw has not yet been corrected, so it is important to check. The flaw can be exploited by attackers to remotely install and execute malicious code.  The flaw can be exploited by tricking a user into opening a malicious document on a system with Windows Defender installed, via a phishing email for example. Some security researchers believe this vulnerability was exploited in the SolarWinds cyberattack that was discovered in December 2020.

Another important vulnerability to prioritize is the Windows 10 splWOW64 Elevation of Privilege vulnerability tracked as CVE-2020-1648. This vulnerability was publicly disclosed by Google’s Project Zero Team in September 2019 under the CVE code CVE-2020-0986. A patch had previously been released to correct the flaw, but it failed to fully fix the vulnerability. At this stage, there are no known cases of the vulnerability being exploited in the wild.

There are 8 other critical vulnerabilities which should be addressed as a priority. Microsoft has patched a remote code execution flaw in Microsoft Edge (CVE-2021-1705). Exploitation of the flaw would allow an attacker to gain the same privileges as the current user. If that user has admin rights, an attacker could take control of a vulnerable system. The flaw could be exploited by convincing the user to visit a malicious website.

Five of the critical vulnerabilities are present in Windows Remote Procedure Call Runtime and are tracked as CVE-2021-1658, CVE-2021-1660, CVE-2021-1667, CVE-2021-1673, and CVE-2021-1666. The remote procedure call flaws could be exploited to elevate privileges, run a specially crafted application, and take full control of a vulnerable system.

The other critical flaws affect the Microsoft Graphics Component (CVE-2021-1665), Microsoft Windows Codecs Library (CVE-2020-1643), and the Microsoft DTV-DVD Video Decoder (CVE-2021-1668)

Adobe Addresses 7 Critical RCE Flaws

Adobe has also released patches to correct 7 critical flaws in Adobe Campaign Classic (CVE-2021-21009), Adobe Photoshop (CVE-2021-21006), Adobe Illustrator (CVE-2021-21007), Adobe Bridge (CVE-2021-21012 and CVE-2021-21013), Adobe InCopy (CVE-2021-21010) and Adobe Animate (CVE-2021-21008).

Adobe Flash Player is no longer supported, so no further patches will be released to address vulnerabilities. Users have been advised to uninstall Flash Player to improve security. Adobe said it is now blocking Flash Player content which will no longer load.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of