Microsoft Issues Patches for Actively Exploited Zero-Day and 82 Other Flaws

The first patch Tuesday of this year addresses 83 flaws spread across 11 Microsoft products and services including a patch for a zero-day that was actively being exploited. All bugs are of importance with 10 being listed as Critical and 73 being listed as Important in their severity.

The most severe flaw is one that is being actively exploited – although there are currently not many details regarding how widespread attacks are – and is a remote code execution (RCE) flaw in Microsoft Defender that could allow hackers to infect targeted systems with arbitrary code. Furthermore, exploiting this vulnerability does not require interaction from the user. Although, Microsoft have said that there are substantial modifications needed for it to work and due to this it is considered to be proof of concept. Microsoft also mentioned that if organisations are currently utilising automatic updating then “no actions should be required”.