Security News > 2021 > January > Microsoft Issues Patches for Defender Zero-Day and 82 Other Windows Flaws
For the first patch Tuesday of 2021, Microsoft released security updates addressing a total of 83 flaws spanning as many as 11 products and services, including an actively exploited zero-day vulnerability.
The most severe of the issues is a remote code execution flaw in Microsoft Defender that could allow attackers to infect targeted systems with arbitrary code.
Microsoft Malware Protection Engine provides the scanning, detection, and cleaning capabilities for Microsoft Defender antivirus and antispyware software.
Tuesday's patch also rectifies a privilege escalation flaw introduced by a previous patch in the GDI Print / Print Spooler API that was disclosed by Google Project Zero last month after Microsoft failed to rectify it within 90 days of responsible disclosure on September 24.
Other vulnerabilities fixed by Microsoft include a memory corruption flaws in Microsoft Edge browser, a Windows Remote Desktop Protocol Core Security feature bypass flaw, and five critical RCE flaws in Remote Procedure Call Runtime.
To install the latest security updates, Windows users can head to Start > Settings > Update & Security > Windows Update, or by selecting Check for Windows updates.
News URL
Related news
- Microsoft fixes Windows Smart App Control zero-day exploited since 2018 (source)
- “Perfect” Windows downgrade attack turns fixed vulnerabilities into zero-days (source)
- Microsoft discloses Office zero-day, still working on a patch (source)
- Microsoft: Windows 11 22H2 reaches end of support in 60 days (source)
- Microsoft is killing the Windows Paint 3D app after 8 years (source)
- Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited (source)
- Microsoft fixes 6 zero-days under active attack (source)
- Windows Server August updates fix Microsoft 365 Defender issue (source)
- New Windows SmartScreen bypass exploited as zero-day since March (source)
- Microsoft Issues Patches for 90 Flaws, Including 10 Critical Zero-Days (source)