Microsoft Issues Patches for Actively Exploited Zero-Day and 82 Other Flaws

Author: Melodie Foster

Date: 13th January 2021

The first patch Tuesday of this year addresses 83 flaws spread across 11 Microsoft products and services including a patch for a zero-day that was actively being exploited. All bugs are of importance with 10 being listed as Critical and 73 being listed as Important in their severity.

The most severe flaw is one that is being actively exploited – although there are currently not many details regarding how widespread attacks are – and is a remote code execution (RCE) flaw in Microsoft Defender that could allow hackers to infect targeted systems with arbitrary code. Furthermore, exploiting this vulnerability does not require interaction from the user. Although, Microsoft have said that there are substantial modifications needed for it to work and due to this it is considered to be proof of concept. Microsoft also mentioned that if organisations are currently utilising automatic updating then “no actions should be required”.

Other flaws that have been fixed include a privilege escalation flaw that was disclosed by Google Project Zero in December following Microsoft’s failing to fix it within 90 days of responsible disclosure. Five critical RCE flaws in Remote Procedure Call Runtime and a memory corruption flaw in Microsoft Edge browser were among the other patches. [1]

[1] https://thehackernews.com/2021/01/microsoft-issues-patches-for-defender.html

Other resources

Cyberfort Colocation Services

Cyberfort has invested heavily in secure infrastructure, making us the perfect colocation service provider to host your mission-critical, sensitive and regulated data.
Find out more >

What can Cyberfort do for you?

Check out our factsheets for detailed information on the matrix of cybersecurity products and services we offer to protect your business.
Find out more >

Cyberfort Deep Dives

Cyberfort’s cybersecurity consultants explore issues in cyber threat intelligence, incident planning and data security. Read our whitepapers to help make decisions that benefit your business.
Find out more >

Cookie Name	Expiration Time	Description
_ga	2 years	Used to distinguish users.
_gid	24 hours	Used to distinguish users.
_gat	1 minute	Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_<property-id>.

_gac_<property-id>	90 days	Contains campaign related information for the user. If you have linked your Google Analytics and Google Ads accounts, Google Ads website conversion tags will read this cookie unless you opt-out.
__hstc	13 months	The main cookie for tracking visitors.
hubspotutk	13 months	This cookie keeps track of a visitor's identity. It is passed to HubSpot on form submission and used when deduplicating contacts.
__hssc	30 minutes	This cookie keeps track of sessions.
__hssrc	End of session	Whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser.

Microsoft Issues Patches for Actively Exploited Zero-Day and 82 Other Flaws

Author: Melodie Foster

Date: 13th January 2021

Other resources

Cyberfort Colocation Services

What can Cyberfort do for you?

Cyberfort Deep Dives

Recent Posts

Recent Comments

Archives

Categories

Meta