Security News > 2021 > January > Microsoft Issues Patches for Defender Zero-Day and 82 Other Windows Flaws
For the first patch Tuesday of 2021, Microsoft released security updates addressing a total of 83 flaws spanning as many as 11 products and services, including an actively exploited zero-day vulnerability.
The most severe of the issues is a remote code execution flaw in Microsoft Defender that could allow attackers to infect targeted systems with arbitrary code.
Microsoft Malware Protection Engine provides the scanning, detection, and cleaning capabilities for Microsoft Defender antivirus and antispyware software.
Tuesday's patch also rectifies a privilege escalation flaw introduced by a previous patch in the GDI Print / Print Spooler API that was disclosed by Google Project Zero last month after Microsoft failed to rectify it within 90 days of responsible disclosure on September 24.
Other vulnerabilities fixed by Microsoft include a memory corruption flaws in Microsoft Edge browser, a Windows Remote Desktop Protocol Core Security feature bypass flaw, and five critical RCE flaws in Remote Procedure Call Runtime.
To install the latest security updates, Windows users can head to Start > Settings > Update & Security > Windows Update, or by selecting Check for Windows updates.
News URL
Related news
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- Microsoft warns of Windows 11 24H2 gaming performance issues (source)
- Microsoft blocks Windows 11 24H2 on some Intel PCs over BSOD issues (source)
- Microsoft Office 2024 now available for Windows and macOS users (source)
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (source)
- Microsoft fixes Remote Desktop issues caused by Windows Server update (source)
- Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572) (source)
- Microsoft: Windows 11 22H2 Home and Pro reached end of servicing (source)
- Microsoft deprecates PPTP and L2TP VPN protocols in Windows Server (source)
- Week in review: Microsoft fixes two exploited zero-days, SOC teams are losing trust in security tools (source)