Security News > 2021 > January > Critical Microsoft Defender Bug Actively Exploited; Patch Tuesday Offers 83 Fixes
Microsoft addressed 10 critical bugs, one under active exploit and another publicly known, in its January Patch Tuesday roundup of fixes.
The most serious bug is a flaw in Microsoft's Defender anti-malware software that allows remote attackers to infect targeted systems with executable code.
Last month, Microsoft said state-sponsored hackers had compromised its internal network and leveraged additional Microsoft products to conduct further attacks.
"The previous patch introduced a function to check an input string pointer, but in doing so, it introduced an Out-of-Bounds Read condition. Additional bugs are also covered by this patch, including an untrusted pointer deref," Childs wrote in a prepared Patch Tuesday analysis.
Eight additional bugs rated critical were also part of Microsoft's Tuesday vulnerability fixes.
Five January Patch Tuesday flaws were each remote procedure call bugs.
News URL
https://threatpost.com/critical-microsoft-defender-bug-exploited/162992/
Related news
- Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws (source)
- February's Patch Tuesday sees Microsoft offer just 63 fixes (source)
- Microsoft’s Patch Tuesday Fixes 63 Flaws, Including Two Under Active Exploitation (source)
- Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws (source)
- Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws (source)
- Choose your own Patch Tuesday adventure: Start with six zero day fixes, or six critical flaws (source)
- Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days (source)
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)
- February 2025 Patch Tuesday forecast: New directions for AI development (source)
- March 2025 Patch Tuesday forecast: A return to normalcy (source)