Patch Tuesday – 01.2021
Commentary on the January 2021 Patch Tuesday release:
January 2021 sees Microsoft address 83 CVEs, 73 listed as Important and 10 categorized as Critical. As noted in November 2020, Microsoft drastically changed the format and the background data provided on vulnerabilities covered in the monthly release. This included the removal of executive summaries on vulnerabilities, which impairs consumers' ability to understand the underlying context of each vulnerability.
In this Patch Tuesday update, Microsoft addresses the previously reported failed patch update and the 0Day vulnerability that resulted from it:
- 10 of the 83 patches are rated as Critical with 73 rated Important
- 1 of the vulnerabilities was publicly released
- 1 of the vulnerabilities was observed in attacks in the wild
- Vulnerabilities of interest:
- CVE-2021-1647 – Microsoft Defender Remote Code Execution Vulnerability – RCE / (CVSS:7.8):
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C – A vulnerability in Microsoft's Malware Protection Engine allows an attacker exploiting it to remotely execute code on a vulnerable system. Microsoft does not reveal the extent of the attacks observed in the wild, but it has been reported that this is related to the SolarWinds attack in which Microsoft's networks were compromised.
- CVE-2021-1648 – Microsoft splwow64 Elevation of Privilege Vulnerability – EoP / (CVSS:7.8):
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C – This vulnerability was discovered by Google's Project Zero; the patch corrects a bug introduced by a previous patch. The previous patch introduced a function to check an input string pointer, but in doing so, it introduced an Out-of-Bounds (OOB) Read condition. Additional bugs are also covered by this patch, including an untrusted pointer dereference. The previous CVE was being exploited in the wild.
- CVE-2021-1674 – Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability – SFB / (CVSS:8.8):
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C – This vulnerability has a High CVSS score of 8.8, but as Microsoft has removed the executive summary from vulnerabilities reported in their MSRC, the community lacks exact details. RDP has been a strong target for attacks over the last 2 years, and this is seen to continue.
- Other notable points:
- Microsoft reminds the community that several products have reached End of Support:
- All v1903 releases of the Windows Platform
- Other Software Vendors aligning releases to coincide with Microsoft’s Patch Tuesday: