Security News > 2021 > January > Critical Microsoft Defender Bug Actively Exploited; Patch Tuesday Offers 83 Fixes
Microsoft addressed 10 critical bugs, one under active exploit and another publicly known, in its January Patch Tuesday roundup of fixes.
The most serious bug is a flaw in Microsoft's Defender anti-malware software that allows remote attackers to infect targeted systems with executable code.
Last month, Microsoft said state-sponsored hackers had compromised its internal network and leveraged additional Microsoft products to conduct further attacks.
"The previous patch introduced a function to check an input string pointer, but in doing so, it introduced an Out-of-Bounds Read condition. Additional bugs are also covered by this patch, including an untrusted pointer deref," Childs wrote in a prepared Patch Tuesday analysis.
Eight additional bugs rated critical were also part of Microsoft's Tuesday vulnerability fixes.
Five January Patch Tuesday flaws were each remote procedure call bugs.
News URL
https://threatpost.com/critical-microsoft-defender-bug-exploited/162992/
Related news
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (source)
- Microsoft cleans up hot mess of Patch Tuesday preview (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws (source)
- Microsoft slips Task Manager and processor count fixes into Patch Tuesday (source)
- Patch Tuesday: Four Critical Vulnerabilities Paved Over (source)
- October 2024 Patch Tuesday forecast: Recall can be recalled (source)
- Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits (source)
- Patch Tuesday: Internet Explorer Vulnerabilities Still Pose a Problem (source)