Author: Melodie Foster

Date: 13th January 2021

 

The first patch Tuesday of this year addresses 83 flaws spread across 11 Microsoft products and services including a patch for a zero-day that was actively being exploited. All bugs are of importance with 10 being listed as Critical and 73 being listed as Important in their severity.

The most severe flaw is one that is being actively exploited – although there are currently not many details regarding how widespread attacks are – and is a remote code execution (RCE) flaw in Microsoft Defender that could allow hackers to infect targeted systems with arbitrary code. Furthermore, exploiting this vulnerability does not require interaction from the user. Although, Microsoft have said that there are substantial modifications needed for it to work and due to this it is considered to be proof of concept. Microsoft also mentioned that if organisations are currently utilising automatic updating then “no actions should be required”.

Other flaws that have been fixed include a privilege escalation flaw that was disclosed by Google Project Zero in December following Microsoft’s failing to fix it within 90 days of responsible disclosure. Five critical RCE flaws in Remote Procedure Call Runtime and a memory corruption flaw in Microsoft Edge browser were among the other patches. [1]

[1] https://thehackernews.com/2021/01/microsoft-issues-patches-for-defender.html

 

Other resources

Cyberfort Colocation Services

Cyberfort has invested heavily in secure infrastructure, making us the perfect colocation service provider to host your mission-critical, sensitive and regulated data.
Find out more >

What can Cyberfort do for you?

Check out our factsheets for detailed information on the matrix of cybersecurity products and services we offer to protect your business.
Find out more >

Cyberfort Deep Dives

Cyberfort’s cybersecurity consultants explore issues in cyber threat intelligence, incident planning and data security. Read our whitepapers to help make decisions that benefit your business.
Find out more >

Receive knowledge to your inbox