Microsoft has begun distributing this year's first security patch through its Patch Tuesday program. The developers have released fixes for 83 vulnerabilities in various products, including Windows 10, cloud products, developer tools, etc. The January security patch is available for devices with Windows 10 October 2020 Update (20H2), Windows 10 May 2020 Update (2004) and Windows 10 November 2019 Update (1909).
The most serious issue addressed by the January security update is a zero-day vulnerability in Microsoft Defender antivirus used in Windows 10. We are talking about a remote code execution vulnerability, which has the identifier CVE-2021-1647 and has already been exploited by hackers in practice.
The exploitation of the vulnerability allows remote code execution on systems with Microsoft Defender if the victim launches a specially configured malicious file inside the OS. Despite the fact that there have already been recorded cases of this vulnerability being used by cybercriminals, Microsoft notes that its exploitation is not possible in all cases, and the corresponding exploit is still under development.
To prevent possible future attacks, Microsoft has released fixes for the Malware Protection Engine. They are installed automatically and do not require any action from users (unless the updates are blocked by the administrator).
Microsoft's first security update package this year is now available to customers. For a complete list of patched vulnerabilities, see the Microsoft Security Update Guide.
0 Comments