Security News > 2021 > January > Microsoft Patch Tuesday, January 2021 Edition

Microsoft Patch Tuesday, January 2021 Edition
2021-01-13 01:32

Microsoft today released updates to plug more than 80 security holes in its Windows operating systems and other software, including one that is actively being exploited and another which was disclosed prior to today.

Microsoft recently stopped providing a great deal of detail in their vulnerability advisories, so it's not entirely clear how this is being exploited.

This bug is probably already patched by Microsoft on end-user systems, as the company continuously updates Defender outside of the normal monthly patch cycle.

CVE-2020-1660 is actually just one of five bugs in a core Microsoft service called Remote Procedure Call, which is responsible for a lot of heavy lifting in Windows.

Allan Liska, senior security architect at Recorded Future, said while it is concerning that so many vulnerabilities around the same component were released simultaneously, two previous vulnerabilities in RPC - CVE-2019-1409 and CVE-2018-8514 - were not widely exploited.

Separately, Adobe released security updates to tackle at least eight vulnerabilities across a range of products, including Adobe Photoshop and Illustrator.


News URL

https://krebsonsecurity.com/2021/01/microsoft-patch-tuesday-january-2021-edition/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2020-10-16 CVE-2020-1660 Unspecified vulnerability in Juniper Junos
When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process, responsible for managing "URL Filtering service", may crash, causing the Services PIC to restart.
network
low complexity
juniper
critical
9.9
2019-11-12 CVE-2019-1409 Improper Initialization vulnerability in Microsoft products
An information disclosure vulnerability exists when the Windows Remote Procedure Call (RPC) runtime improperly initializes objects in memory, aka 'Windows Remote Procedure Call Information Disclosure Vulnerability'.
local
low complexity
microsoft CWE-665
5.5
2018-12-12 CVE-2018-8514 Improper Initialization vulnerability in Microsoft products
An information disclosure vulnerability exists when Remote Procedure Call runtime improperly initializes objects in memory, aka "Remote Procedure Call runtime Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
local
low complexity
microsoft CWE-665
5.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 473 68 2214 4928 253 7463