Marking the first Patch Tuesday of 2021, Microsoft has released updates to its operating systems and other software, patching over 80 security holes (including one currently exploited by malicious hackers). Ten of the bugs received the “critical” ranking, indicating that they could be abused by malware or threat actors to gain remote control over unpatched systems with little to no user intervention.
The January 2020 Patch Tuesday addressed vulnerabilities found in Windows, Microsoft Malware Protection Engine, Microsoft Edge, Microsoft Office, Microsoft Windows Codecs Library, Azure, SQL Server, Visual Studio, .NET Core, .NET Repository, and ASP.NET.
Zero-Day in Microsoft Defender
One of the software flaws (CVE-2021-1647) found in Microsoft Defender is already being actively abused. Since the vendor has recently stopped supplying a high amount of information in their vulnerability advisories, it’s quite unclear how attackers could be leveraging it. Nonetheless, the RCE bug may enable threat actors to run code on compromised computers by tricking users into downloading and opening a malicious document on a machine where Defender is installed.
Microsoft believes that the method is not practical in all cases, and is therefore considered to be at a proof-of-concept stage, despite misuse being observed in the wild. For more successful assaults, however, the code may be improved.
The software giant also issued updates for the Microsoft Malware Protection Engine (version 1.1.17700.4 or later) to prevent potential attacks, which would entail little user intervention.
You can follow the instructions in this guide by Bleeping Computer to check the installed version of your Microsoft Defender engine.
Elevation of Privilege vulnerability
In the Windows splwow64 service, Microsoft has patched a security bug that could be exploited to elevate the rights of an intruder. Last month, the details on this bug (tracked as CVE-2021-1648) were made public. However, the flaw was not exploited in the wild, according to Microsoft, despite the information being publicly accessible.
Windows RDP Core Security Feature Bypass Vulnerability
CVE-2021-1674 is a Windows Remote Desktop Protocol (RDP) flaw that can be abused by an attacker with a privileged account. The bug was not officially revealed to have been abused, yet, RDP has always been a preferred attack entry point used by malicious actors.
Our powerful PAM platform, Heimdal™ Privileged Access Management, helps you handle admin rights within your enterprise. This is the only solution that allows you to elevate and de-escalate user privileges and the only one that de-escalates user rights on infected endpoints instantly when threats are detected (when used in tandem with our Threat Prevention or Endpoint Antivirus solutions).
As always, Heimdal™ urges administrators to install this month’s updates to prevent potential disruptions in the event that any of these bugs are utilized by cybercriminals.
With automated updates activated, our customers who use Heimdal™ Patch & Asset Management can relax knowing that they are safe.
Every month, almost 50% of Heimdal™’s Business customers patch their Microsoft applications within 3 days upon release. The rest of them tend to pause the process of patching according to their own timetable.
With flexible set-and-forget configurations for Automated Rollout of apps and patches and a complete CVE/CVSS audit trail, Heimdal™ Patch & Asset Management is the quickest and shortest path to complete and effective patch management. Using protected bundles through HTTPS transfers, we distribute updates completely repackaged, ad-free, and tested. The deployment is further optimized locally utilizing a P2P network between endpoints, and the software center enables them to revoke admin privileges and allow their users to click-and-install only the software accepted by their IT department.
Get a free 30-day trial of Heimdal™ Patch & Asset Management and see how for yourself how intuitive and easy it is to use, configure, and monitor.
Additional Patch Management resources:
Is your business effected by Cyber Crime?
If a cyber crime or cyber attack happens to you, you need to respond quickly. Cyber crime in its several formats such as online identity theft, financial fraud, stalking, bullying, hacking, e-mail fraud, email spoofing, invoice fraud, email scams, banking scam, CEO fraud. Cyber fraud can lead to major disruption and financial disasters. Contact Digitpol’s hotlines or respond to us online.
Digitpol’s Cyber Crime Investigation Unit provides investigative support to victims of cyber crimes. Digitpol is available 24/7. https://digitpol.com/cybercrime-investigation/
UK +44 20 8089 9944