Security News > 2021 > January > January 2021 Patch Tuesday: Microsoft plugs Defender zero-day RCE
Microsoft has plugged 83 CVEs, including a Microsoft Defender zero-day.
One of the latter - a zero-day RCE affecting Microsoft Defender antivirus - is being exploited in the wild, but Microsoft didn't reveal more about these attacks.
"This bug in the Microsoft Malware Protection Engine may already be patched on your system as the engine auto-updates as needed. However, if your systems are not connected to the Internet, you'll need to manually apply the patch," Trend Micro Zero Day Initiative's Dustin Childs commented.
Among the critical flaws fixed on this January 2021 Patch Tuesday by Microsoft are five Remote Procedure Call runtime RCEs.
The rest of the patched flaws affect a wide variety of Microsoft solutions, including the Bot Framework SDK, Hyper-V, Microsoft Office, SharePoint, Windows Bluetooth, Windows CSC Service, and so on.
For January 2021 Patch Tuesday, SAP has released 10 new security notes and updated 7 previously released ones.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/qb6ZXdq2XV0/
Related news
- Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws (source)
- Patch Tuesday for September 2024: Microsoft Catches Four Zero-Day Vulnerabilities (source)
- Microsoft confirms IE bug squashed in Patch Tuesday was exploited zero-day (source)
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- Microsoft cleans up hot mess of Patch Tuesday preview (source)
- Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch (source)
- Microsoft fixes Windows Smart App Control zero-day exploited since 2018 (source)
- Microsoft fixes 4 exploited zero-days and a code defect that nixed earlier security fixes (source)
- Week in review: Veeam Backup & Replication RCE could soon be exploited, Microsoft fixes 4 0-days (source)