Microsoft fixes Defender’s zero-day vulnerability on Patch Tuesday


Microsoft’s latest monthly security patches came out on Patch Tuesday, with the fix for Defender’s zero-day included. January’s updates patch a total of 83 vulnerabilities, spread out over a wide range of Microsoft’s products. They include cloud-based offerings, the Windows OS, Enterprise Servers, and developer tools.

The most important fix is a patch for the Microsoft Defender antivirus, which the company says was being exploited before the patch was released.

It is tracked as CVE-2021-1647 and is described as a remote code execution bug. The RCE allows attackers to execute code on affected machines by tricking users into opening malicious documents on a system with Defender installed.

Automatic fix

Microsoft said that despite the exploitation being detected in the wild, the technique does not always work and is still considered only at the proof-of-concept level, with no major hacking campaigns utilizing it.

However, the exploit code could be modified at any time and return with different attack methods.

To counter potential attacks in the future, Microsoft released patches for the Microsoft Malware Protection Engine. Importantly, the engine update does not require user intervention to install: it is applied automatically unless sysadmins have specifically blocked it.
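Because the engine update arrives silently, the practical question for an administrator is whether a given host actually received it. The PowerShell check below is an added example, not code from the article or from Microsoft; it uses the Defender module's Get-MpComputerStatus and Update-MpSignature cmdlets and compares the installed engine version against a minimum version that the administrator supplies. The value '0.0.0.0' is a placeholder: replace it with the engine version listed in Microsoft's advisory for CVE-2021-1647.

```powershell
# Added example (not from the article): report the Defender engine and signature
# state on this host and flag whether the engine meets a minimum version.
# $MinimumEngineVersion is a placeholder parameter; take the real value from
# the Microsoft advisory for CVE-2021-1647.
function Test-DefenderEngineVersion {
    param(
        [Parameter(Mandatory)]
        [version]$MinimumEngineVersion
    )

    $status = Get-MpComputerStatus
    $engine = [version]$status.AMEngineVersion

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        EngineVersion      = $engine
        SignatureVersion   = $status.AntivirusSignatureVersion
        SignatureAgeDays   = $status.AntivirusSignatureAge
        RealTimeProtection = $status.RealTimeProtectionEnabled
        # True when the installed engine is at or above the required version.
        Patched            = ($engine -ge $MinimumEngineVersion)
    }
}

# Run the check; if the engine is still below the minimum, request the latest
# engine/signature package from Microsoft and ask the operator to re-check.
$result = Test-DefenderEngineVersion -MinimumEngineVersion '0.0.0.0'  # placeholder
$result | Format-List

if (-not $result.Patched) {
    Update-MpSignature
    Write-Warning 'Engine below the minimum version; re-run the check after the update completes.'
}
```

Hosts where the engine stays old after Update-MpSignature are the ones to inspect for a policy or proxy setting that blocks engine updates, which is the "specifically blocked by sysadmins" case the article mentions.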

Time to update

Microsoft also had to fix a security flaw in the Windows splwow64 service that could elevate the privileges of an attacker's code.

This bug, tracked as CVE-2021-1648, was publicly disclosed in December by Trend Micro’s Zero Day Initiative.

According to Microsoft, despite the details being publicly available, the bug was not exploited in the wild. Sysadmins are encouraged to review and apply the patches to ensure that these flaws cannot be used.
