Critical Microsoft Defender Bug Actively Exploited; Patch Tuesday Offers 83 Fixes
Microsoft addressed 10 critical bugs, one under active exploit and another publicly known, in its January Patch Tuesday roundup of fixes.
The most serious bug is a flaw in Microsoft's Defender anti-malware software that allows remote attackers to infect targeted systems with executable code.
Last month, Microsoft said state-sponsored hackers had compromised its internal network and leveraged additional Microsoft products to conduct further attacks.
"The previous patch introduced a function to check an input string pointer, but in doing so, it introduced an Out-of-Bounds Read condition. Additional bugs are also covered by this patch, including an untrusted pointer deref," Childs wrote in a prepared Patch Tuesday analysis.
Eight additional bugs rated critical were also part of Microsoft's Tuesday vulnerability fixes.
Five of the January Patch Tuesday flaws were remote procedure call bugs.
News URL
https://threatpost.com/critical-microsoft-defender-bug-exploited/162992/