Microsoft Defender Zero-Day Fixed in First Patch Tuesday of 2021

Published: 23/11/2024   Category: security




Microsoft patched 83 bugs, including a Microsoft Defender zero-day and one publicly known elevation of privilege flaw.



Microsoft has released patches for 83 vulnerabilities on its first Patch Tuesday of 2021, which addresses 10 critical flaws, including one zero-day remote code execution bug in Microsoft Defender. 
The fixes released today cover Microsoft Windows, the Edge browser, ChakraCore, Office and Microsoft Office Services and Web Apps, Microsoft Malware Protection Engine, Visual Studio, ASP.NET, .NET Core, and Azure. Of these, 73 are classified Important; one is publicly known.
While 83 CVEs (common vulnerabilities and exposures) is much lower than the record monthly patch numbers Microsoft reported last year, it's 59% higher than the 49 patched in January 2020. "If that's any indication, it means 2021 will be another banner year for Patch Tuesday vulnerability disclosures," says Satnam Narang, staff research engineer at Tenable.
CVE-2021-1647 is the critical bug in Microsoft's Malware Protection Engine already seen in the wild. Microsoft does not elaborate on these attacks or how widespread they are. It does say proof-of-concept code is available, though the code or technique may not work in all situations.
This vulnerability doesn't affect the network stack, and an attacker could gain access remotely via SSH, locally by accessing the machine itself, or by tricking the user into performing an action that would trigger the bug, such as opening a malicious file. User interaction is not required.
Attack complexity is low, meaning attackers wouldn't require specialized access conditions to exploit the flaw, and they "can expect repeatable success against the vulnerable component," Microsoft says in its disclosure. It also requires low privileges: An attacker would need privileges that provide basic user capabilities, "which normally only affect user-owned settings and files."
"Considering how prevalent Microsoft Defender is, this flaw provides attackers with a large attack surface," Narang says.
News of the zero-day and patch arrive weeks after Microsoft confirmed its network was among the thousands affected by infected SolarWinds software updates, and it admitted attackers were able to view its source code. While there are no details of attacks leveraging this zero-day, Dustin Childs of Trend Micro's Zero-Day Initiative (ZDI) acknowledges the possibility that this patch could be related to the compromise.
For many organizations, CVE-2021-1647 may already be patched. Microsoft often updates malware definitions and the Microsoft Malware Protection Engine. The default configuration for both businesses and individuals ensures both are automatically updated, the company says. Those whose systems are not connected to the Internet will need to manually apply the fix. 
"For organizations that are configured for automatic updating, no actions should be required, but one of the first actions a threat actor or malware will try to attempt is to disrupt threat protection on a system so definition and engine updates are blocked," says Chris Goettl, senior director of product management and security at Ivanti.
He advises security teams to ensure their Microsoft Malware Protection Engine is at Version 1.1.17700.4 or higher. 
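A check a defender can run on a Windows endpoint to confirm the engine version Goettl cites and that protection and definition updates have not been disrupted. This is an added example, not code from the article or from Microsoft; it relies on the Defender PowerShell module's `Get-MpComputerStatus` cmdlet, and the signature-age threshold is an assumption for illustration.

```powershell
# Added example: verify Defender engine version and update health on one host.
# Property names are those exposed by Get-MpComputerStatus; the engine threshold
# is the version the article quotes as carrying the CVE-2021-1647 fix.
function Test-DefenderEngineHealth {
    param(
        [version]$RequiredEngine = [version]'1.1.17700.4',
        [int]$MaxSignatureAgeDays = 3   # assumption: tolerated definition age for this environment
    )

    $status = Get-MpComputerStatus
    $engine = [version]$status.AMEngineVersion
    $findings = @()

    if ($engine -lt $RequiredEngine) {
        $findings += "Engine $engine is below $RequiredEngine; CVE-2021-1647 fix not present"
    }
    # A disabled service or real-time protection is the tampering Goettl warns about:
    # it also stops engine and definition updates from landing.
    if (-not $status.AMServiceEnabled)          { $findings += 'Antimalware service is disabled' }
    if (-not $status.RealTimeProtectionEnabled) { $findings += 'Real-time protection is disabled' }
    if (-not $status.AntivirusEnabled)          { $findings += 'Antivirus is disabled' }
    if ($status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        $findings += "Definitions are $($status.AntivirusSignatureAge) days old (last update $($status.AntivirusSignatureLastUpdated))"
    }

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        EngineVersion = $engine
        Healthy       = ($findings.Count -eq 0)
        Findings      = $findings
    }
}

$result = Test-DefenderEngineHealth
if ($result.Healthy) {
    "OK: engine $($result.EngineVersion) meets the required version and updates are current"
} else {
    $result.Findings | ForEach-Object { "FINDING: $_" }
    # On a connected host, Update-MpSignature forces a definition refresh; hosts that
    # are offline or blocked need the engine/definition package applied manually.
}
```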
The ZDI publicly disclosed CVE-2021-1648, an important elevation of privilege flaw in print driver host splwow64, after it exceeded its own disclosure timeline. This bug was also discovered by Google Project Zero researchers and corrects a flaw introduced in an earlier patch. Like the zero-day patched this month, this vulnerability has low attack complexity, low required privileges, and does not require user interaction for exploitation, Microsoft reports.
"The previous CVE was being exploited in the wild, so it's within reason to think this CVE will be actively exploited as well," Trend Micro's Childs writes.
CVE-2021-1647 aside, the remaining Critical bugs are all remote code execution vulnerabilities. Five affect the Remote Procedure Call (RPC) runtime, including CVE-2021-1660, which has a CVSS score of 8.8 and is bound to the network stack. Microsoft says this can be exploited using a low-complexity attack and requires no privileges or user interaction.
It's worth noting Microsoft also patched four additional RPC vulnerabilities that are classified as Important but have the same CVSS score and descriptors as the critical flaws. Microsoft now provides fewer details in patch descriptions, and it's unclear why some of these flaws are classified as Critical and others as Important.
This month's Critical bugs primarily affect the operating system, browser, and malware protection, Goettl notes. He urges businesses to also pay attention to Important updates, some of which address bugs in developer tools. "Your development teams need to be aware of what tools they are using and what vulnerabilities may be exposed," he explains.
