Security News > 2021 > January > Critical Microsoft Defender Bug Actively Exploited; Patch Tuesday Offers 83 Fixes
Microsoft addressed 10 critical bugs, one under active exploit and another publicly known, in its January Patch Tuesday roundup of fixes.
The most serious bug is a flaw in Microsoft's Defender anti-malware software that allows remote attackers to infect targeted systems with executable code.
Last month, Microsoft said state-sponsored hackers had compromised its internal network and leveraged additional Microsoft products to conduct further attacks.
"The previous patch introduced a function to check an input string pointer, but in doing so, it introduced an Out-of-Bounds Read condition. Additional bugs are also covered by this patch, including an untrusted pointer deref," Childs wrote in a prepared Patch Tuesday analysis.
Eight additional bugs rated critical were also part of Microsoft's Tuesday vulnerability fixes.
Five January Patch Tuesday flaws were each remote procedure call bugs.
News URL
https://threatpost.com/critical-microsoft-defender-bug-exploited/162992/
Related news
- Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws (source)
- Microsoft holds last Patch Tuesday of the year with 72 gifts for admins (source)
- Patch Tuesday: Microsoft Patches One Actively Exploited Vulnerability, Among Others (source)
- What Is Patch Tuesday? Microsoft’s Monthly Update Explained (source)
- Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws (source)
- CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks (source)
- Exploit released for critical WhatsUp Gold RCE flaw, patch now (source)
- Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console (source)
- Microsoft says premature patch could make Windows Recall forget how to work (source)
- Microsoft: Another Chinese cyberspy crew targeting US critical orgs 'as of yesterday' (source)