Security News > 2021 > January > Microsoft Patch Tuesday: 83 Vulnerabilities, 10 Critical, 1 Actively Exploited
Microsoft on Tuesday released the first batch of security patches for 2021 with fixes for 83 documented security vulnerabilities, including a "Critical" bug in the Defender security product that's being actively exploited.
Security experts are urging security response personnel to pay special attention to CVE-2021-1647, which describes a remote code execution flaw in Microsoft Defender, the company's flagship anti-malware product.
The Microsoft Defender update comes with an "Exploitation detected" warning and was shipped via the Microsoft Malware Protection Engine, a utility used to clean-up remnants of known malware attacks.
Of the 83 vulnerabilities documented for January, 10 are rated "Critical," Microsoft's highest severity rating.
The January batch of patches cover serious security holes in Microsoft Office, Microsoft Office Services and Web Apps, Microsoft WIndows, Visual Studio,.
According to Dustin Childs, a research who tracks security updates for ZDI, the major bug in the Microsoft Malware Protection Engine may already be patched as the engine auto-updates as needed.
News URL
Related news
- Patch Tuesday for September 2024: Microsoft Catches Four Zero-Day Vulnerabilities (source)
- Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited (source)
- Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws (source)
- Microsoft confirms IE bug squashed in Patch Tuesday was exploited zero-day (source)
- Critical Security Flaw in WhatsUp Gold Under Active Attack - Patch Now (source)
- August 2024 Patch Tuesday forecast: Looking for a calm August release (source)
- Microsoft discloses Office zero-day, still working on a patch (source)
- Week in review: Tips for starting your cybersecurity career, Patch Tuesday forecast (source)
- Microsoft Issues Patches for 90 Flaws, Including 10 Critical Zero-Days (source)
- SolarWinds Releases Patch for Critical Flaw in Web Help Desk Software (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-01-12 | CVE-2021-1647 | Improper Input Validation vulnerability in Microsoft products Microsoft Defender Remote Code Execution Vulnerability | 7.8 |