Security News

One of these bugs is publicly known, according to Microsoft, while another, a remote-code execution hole in the Windows Defender security system, is actively being exploited. CVE-2021-1647 is a Microsoft Defender remote code execution vulnerability.

For the first patch Tuesday of 2021, Microsoft released security updates addressing a total of 83 flaws spanning as many as 11 products and services, including an actively exploited zero-day vulnerability. The most severe of the issues is a remote code execution flaw in Microsoft Defender that could allow attackers to infect targeted systems with arbitrary code.

Microsoft on Tuesday released the first batch of security patches for 2021 with fixes for 83 documented security vulnerabilities, including a "Critical" bug in the Defender security product that's being actively exploited. Security experts are urging security response personnel to pay special attention to CVE-2021-1647, which describes a remote code execution flaw in Microsoft Defender, the company's flagship anti-malware product.

"First, if the stolen certificate was used for Mimecast customers to verify the validity of the servers their users' connect to, it would allow an attacker that was able to man-in-the middle the user to server connection to easily decrypt the encrypted data stream and access potentially sensitive information." Kevin Bocek, vice president of security strategy and threat intelligence at Venafi, told Threatpost that attackers could also possibly disable Office 365's Mimecast protections altogether to make an email-borne attack more effective.

Microsoft on Monday announced that Microsoft Defender for Endpoint on Linux now provides endpoint detection and response capabilities to all users. Initially available on Windows only, Microsoft Defender for Endpoint has received support for all major platforms, and is now available on macOS, Linux, Android, and iOS, the Redmond, Wash.

Microsoft has addressed a zero-day vulnerability in the Microsoft Defender antivirus, exploited in the wild by threat actors before the patch was released. "Customers should verify that the latest version of the Microsoft Malware Protection Engine and definition updates are being actively downloaded and installed for their Microsoft antimalware products," Microsoft says.

Today is Microsoft's January 2021 Patch Tuesday, and it is the first Microsoft security update release in 2021, so please be very nice to your Windows administrators today. With the January 2021 Patch Tuesday security updates release, Microsoft has released fixes for 83 vulnerabilities, with ten classified as Critical and 73 as Important.

After a few months in preview, Microsoft has made Defender Endpoint Detection and Response generally available for Linux servers. Microsoft has extended its Defender product over multiple platforms throughout the last year or so, having shaved the "Windows" prefix from the system.

Email security company Mimecast has disclosed today that a "Sophisticated threat actor" compromised one of the certificates the company issues for customers to securely connect Microsoft 365 Exchange to their services. "Microsoft recently informed us that a Mimecast-issued certificate provided to certain customers to authenticate Mimecast Sync and Recover, Continuity Monitor, and IEP products to Microsoft 365 Exchange Web Services has been compromised by a sophisticated threat actor," Mimecast said earlier today.

Microsoft has released Sysmon 13 with a new security feature that detects if a process has been tampered using process hollowing or process herpaderping techniques. Process hollowing is when malware launches a legitimate process in a suspended state and replaces legitimate code in the process with malicious code.