January 12, 2021
2020 ended with a bang and without missing a beat, here comes a small, but heavy first Patch Tuesday to start 2021. This month, Microsoft has fixed 83 security flaws, down significantly from most of the infamous monthly totals for 2020, but still up significantly as compared to January of last year. For this release, 10 vulnerabilities are marked as critical, and unfortunately, all of them are remote code execution (RCE) flaws. The most critical is a zero-day Remote Code Execution vulnerability (CVE-2021-1647) affecting Microsoft Defender antivirus.
“A remote code execution vulnerability in MS Defender is bad news. Because it must be able to scan all the files and processes on your system, Defender has some of the highest permissions available, so if you can run code in this context, you’ll gain full access to the system,” noted Kevin Breen, Director of Cyber Threat Research at Immersive Labs.
Microsoft confirmed that this flaw is being exploited in the wild by planting a malicious file on the victim’s machine that exploits Defender once scanned. Researchers are speculating that this has been going on for at least the past three months. The good news is, if your asset is already connected to the internet, chances are it’s already updated but if not, it is strongly encouraged to patch manually ASAP.
Other important CVEs include CVE-2021-1648, an important elevation of privilege flaw in print driver host splwow64. This bug was discovered by Google Project Zero researchers and corrects a flaw actually introduced in an earlier patch. This is another low attack complexity, low required privileges vulnerability, and does not require user interaction for exploitation, Microsoft reports.
As stated earlier, the other 8 critical flaws are all remote code execution vulnerabilities as well. Five affect Remote Procedure Call (RPC) runtime, including CVE-2021-1660, with CVSS score of 8.8. Two more are video-related; CVE-2021-1643 in Windows’ HEVC Video Extensions, and the CVE-2021-1688 in the Microsoft DTV-DVD Video Decoder. The final critical bug, CVE-2021-1665, is in the GDI+ graphics library.
All affected software this month:
For more information or to access the security updates, see
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2021-Jan
To view the list of affected assets for a specific CVE in your Balbix dashboard:
Enter the CVE in the Search field and hit Enter. Balbix automatically prioritizes the search results for remediation. You can also use the filtered search functionality to search for the CVE by site, subnet, location, or other distinguishing factors.
If you have additional questions, please contact support@balbix.com.