Microsoft Patch Tuesday Released with 83 Fixes

There are 10 Critical and 73 Important fixes this month for Microsoft Windows, Edge (Edge HTML-based), ChakraCore, Office and Microsoft Office Services and Web Apps, Visual Studio, Microsoft Malware Protection Engine, .NET Core, ASP .NET, and Azure and another month without fixes for Internet Explorer 11.

Year 2 Extended Support approaches: Windows 7 and Windows Server 2008 (including R2) have both 5 Important vulnerabilities fixed.

Robert Brown, Head of Customer Success for Syxsense said, “This is a very reasonable sized release by Microsoft this month, which we really appreciate as everyone returns to work after the New Year holiday. We do have a Weaponised vulnerability to immediately respond to which Microsoft have confirmed is being exploited, and one which has been made Publicly Aware meaning the exact mechanism to exploit is publicly known.”

Top January Patches and Vulnerabilities

1. CCVE-2021-1647: Microsoft Defender Remote Code Execution Vulnerability

The Microsoft Malware Protection Engine, mpengine.dll, provides the scanning, detection, and cleaning capabilities for Microsoft antivirus and antispyware software. Although this should be updated automatically, if you have installed another Antivirus Solution which has disabled Microsoft Defender, it’s own update mechanism may not run and there you could still be vulnerable.

Vendor Severity: Critical
CVSS: 7.8
Weaponized: Yes
Syxscore Risk Alert:

• Attack Vector: Local
• Attack Complexity: Low
• Privileges: Low
• User Interaction: None
• Jump Point: No

2. CCVE-2021-1648: Microsoft splwow64 Elevation of Privilege Vulnerability

SPLWOW64.exe is a Windows process that runs when using 32-bit printer drivers on 64 bit Windows operating systems. Although most operating systems in use are 64bit, most legacy software will still need to use a 32bit driver.

Vendor Severity: Important
CVSS: 7.8
Publicly Aware: Yes
Syxscore Risk Alert:

• Attack Vector: Local
• Attack Complexity: Low
• Privileges: Low
• User Interaction: None
• Jump Point: No

3. CVE-2021-1691: Hyper-V Denial of Service Vulnerability

We know some organisations are using Hyper-V to setup secure stations (aka sandbox) back to corporate networks since the beginning of the lockdown. This vulnerability impacts both Window10 and Windows Server OS.

Vendor Severity: Important
CVSS: 7.7
Syxscore Risk Alert:

• Attack Vector: Local
• Attack Complexity: Low
• Privileges: Low
• User Interaction: None
• Jump Point: Yes

Syxsense Recommendations

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below which you should prioritize this month; please pay close attention to any of these which are Publicly Aware and / or Weaponized.

CVE Reference	Description	Vendor Severity	CVSS Score	Countermeasure	Publicly Aware	Weaponised	Syxsense Recommended
CVE-2021-1647	Microsoft Defender Remote Code Execution Vulnerability	Critical	7.8	No	No	Yes	Yes
CVE-2021-1648	Microsoft splwow64 Elevation of Privilege Vulnerability	Important	7.8	No	Yes	No	Yes
CVE-2021-1658	Remote Procedure Call Runtime Remote Code Execution Vulnerability	Critical	8.8	No	No	No	Yes
CVE-2021-1660	Remote Procedure Call Runtime Remote Code Execution Vulnerability	Critical	8.8	No	No	No	Yes
CVE-2021-1666	Remote Procedure Call Runtime Remote Code Execution Vulnerability	Critical	8.8	No	No	No	Yes
CVE-2021-1667	Remote Procedure Call Runtime Remote Code Execution Vulnerability	Critical	8.8	No	No	No	Yes
CVE-2021-1673	Remote Procedure Call Runtime Remote Code Execution Vulnerability	Critical	8.8	No	No	No	Yes
CVE-2021-1664	Remote Procedure Call Runtime Remote Code Execution Vulnerability	Important	8.8	No	No	No	Yes
CVE-2021-1671	Remote Procedure Call Runtime Remote Code Execution Vulnerability	Important	8.8	No	No	No	Yes
CVE-2021-1700	Remote Procedure Call Runtime Remote Code Execution Vulnerability	Important	8.8	No	No	No	Yes
CVE-2021-1701	Remote Procedure Call Runtime Remote Code Execution Vulnerability	Important	8.8	No	No	No	Yes
CVE-2021-1674	Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability	Important	8.8	No	No	No	Yes
CVE-2021-1669	Windows Remote Desktop Services ActiveX Client Security Feature Bypass Vulnerability	Important	8.8	No	No	No	Yes
CVE-2021-1707	Microsoft SharePoint Server Remote Code Execution Vulnerability	Important	8.8	No	No	No	Yes
CVE-2021-1665	GDI+ Remote Code Execution Vulnerability	Critical	7.8	No	No	No	Yes
CVE-2021-1643	HEVC Video Extensions Remote Code Execution Vulnerability	Critical	7.8	No	No	No	Yes
CVE-2021-1668	Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability	Critical	7.8	No	No	No	Yes
CVE-2021-1691	Hyper-V Denial of Service Vulnerability	Important	7.7	No	No	No	Yes
CVE-2021-1692	Hyper-V Denial of Service Vulnerability	Important	7.7	No	No	No	Yes
CVE-2021-1705	Microsoft Edge (HTML-based) Memory Corruption Vulnerability	Critical	4.2	No	No	No	Yes
CVE-2021-1636	Microsoft SQL Elevation of Privilege Vulnerability	Important	8.8	No	No	No
CVE-2021-1712	Microsoft SharePoint Elevation of Privilege Vulnerability	Important	8	No	No	No
CVE-2021-1719	Microsoft SharePoint Elevation of Privilege Vulnerability	Important	8	No	No	No
CVE-2021-1718	Microsoft SharePoint Server Tampering Vulnerability	Important	8	No	No	No
CVE-2021-1649	Active Template Library Elevation of Privilege Vulnerability	Important	7.8	No	No	No
CVE-2021-1651	Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability	Important	7.8	No	No	No
CVE-2021-1680	Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability	Important	7.8	No	No	No
CVE-2021-1644	HEVC Video Extensions Remote Code Execution Vulnerability	Important	7.8	No	No	No
CVE-2021-1713	Microsoft Excel Remote Code Execution Vulnerability	Important	7.8	No	No	No
CVE-2021-1714	Microsoft Excel Remote Code Execution Vulnerability	Important	7.8	No	No	No
CVE-2021-1711	Microsoft Office Remote Code Execution Vulnerability	Important	7.8	No	No	No
CVE-2021-1710	Microsoft Windows Media Foundation Remote Code Execution Vulnerability	Important	7.8	No	No	No
CVE-2021-1715	Microsoft Word Remote Code Execution Vulnerability	Important	7.8	No	No	No
CVE-2021-1716	Microsoft Word Remote Code Execution Vulnerability	Important	7.8	No	No	No
CVE-2021-1642	Windows AppX Deployment Extensions Elevation of Privilege Vulnerability	Important	7.8	No	No	No
CVE-2021-1652	Windows CSC Service Elevation of Privilege Vulnerability	Important	7.8	No	No	No
CVE-2021-1653	Windows CSC Service Elevation of Privilege Vulnerability	Important	7.8	No	No	No
CVE-2021-1654	Windows CSC Service Elevation of Privilege Vulnerability	Important	7.8	No	No	No
CVE-2021-1655	Windows CSC Service Elevation of Privilege Vulnerability	Important	7.8	No	No	No
CVE-2021-1659	Windows CSC Service Elevation of Privilege Vulnerability	Important	7.8	No	No	No
CVE-2021-1688	Windows CSC Service Elevation of Privilege Vulnerability	Important	7.8	No	No	No
CVE-2021-1693	Windows CSC Service Elevation of Privilege Vulnerability	Important	7.8	No	No	No
CVE-2021-1703	Windows Event Logging Service Elevation of Privilege Vulnerability	Important	7.8	No	No	No
CVE-2021-1662	Windows Event Tracing Elevation of Privilege Vulnerability	Important	7.8	No	No	No
CVE-2021-1657	Windows Fax Compose Form Remote Code Execution Vulnerability	Important	7.8	No	No	No
CVE-2021-1661	Windows Installer Elevation of Privilege Vulnerability	Important	7.8	No	No	No
CVE-2021-1697	Windows Install Service Elevation of Privilege Vulnerability	Important	7.8	No	No	No
CVE-2021-1689	Windows Multipoint Management Elevation of Privilege Vulnerability	Important	7.8	No	No	No
CVE-2021-1695	Windows Print Spooler Elevation of Privilege Vulnerability	Important	7.8	No	No	No
CVE-2021-1702	Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability	Important	7.8	No	No	No
CVE-2021-1650	Windows Runtime C++ Template Library Elevation of Privilege Vulnerability	Important	7.8	No	No	No
CVE-2021-1681	Windows Wallet Service Elevation of Privilege Vulnerability	Important	7.8	No	No	No
CVE-2021-1686	Windows Wallet Service Elevation of Privilege Vulnerability	Important	7.8	No	No	No
CVE-2021-1687	Windows Wallet Service Elevation of Privilege Vulnerability	Important	7.8	No	No	No
CVE-2021-1690	Windows Wallet Service Elevation of Privilege Vulnerability	Important	7.8	No	No	No
CVE-2021-1638	Windows Bluetooth Security Feature Bypass Vulnerability	Important	7.7	No	No	No
CVE-2021-1723	.NET Core and Visual Studio Denial of Service Vulnerability	Important	7.5	No	No	No
CVE-2021-1694	Windows Update Stack Elevation of Privilege Vulnerability	Important	7.5	No	No	No
CVE-2021-1685	Windows AppX Deployment Extensions Elevation of Privilege Vulnerability	Important	7.3	No	No	No
CVE-2021-1704	Windows Hyper-V Elevation of Privilege Vulnerability	Important	7.3	No	No	No
CVE-2021-1706	Windows LUAFV Elevation of Privilege Vulnerability	Important	7.3	No	No	No
CVE-2020-26870	Visual Studio Remote Code Execution Vulnerability	Important	7	No	No	No
CVE-2021-1682	Windows Kernel Elevation of Privilege Vulnerability	Important	7	No	No	No
CVE-2021-1709	Windows Win32k Elevation of Privilege Vulnerability	Important	7	No	No	No
CVE-2021-1646	Windows WLAN Service Elevation of Privilege Vulnerability	Important	6.6	No	No	No
CVE-2021-1679	Windows CryptoAPI Denial of Service Vulnerability	Important	6.5	No	No	No
CVE-2021-1708	Windows GDI+ Information Disclosure Vulnerability	Important	5.7	No	No	No
CVE-2021-1677	Azure Active Directory Pod Identity Spoofing Vulnerability	Important	5.5	No	No	No
CVE-2021-1725	Bot Framework SDK Information Disclosure Vulnerability	Important	5.5	No	No	No
CVE-2021-1656	TPM Device Driver Information Disclosure Vulnerability	Important	5.5	No	No	No
CVE-2021-1699	Windows (modem.sys) Information Disclosure Vulnerability	Important	5.5	No	No	No
CVE-2021-1683	Windows Bluetooth Security Feature Bypass Vulnerability	Important	5.5	No	No	No
CVE-2021-1637	Windows DNS Query Information Disclosure Vulnerability	Important	5.5	No	No	No
CVE-2021-1696	Windows Graphics Component Information Disclosure Vulnerability	Important	5.5	No	No	No
CVE-2021-1676	Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability	Important	5.5	No	No	No
CVE-2021-1663	Windows Projected File System FS Filter Driver Information Disclosure Vulnerability	Important	5.5	No	No	No
CVE-2021-1670	Windows Projected File System FS Filter Driver Information Disclosure Vulnerability	Important	5.5	No	No	No
CVE-2021-1672	Windows Projected File System FS Filter Driver Information Disclosure Vulnerability	Important	5.5	No	No	No
CVE-2021-1684	Windows Bluetooth Security Feature Bypass Vulnerability	Important	5	No	No	No
CVE-2021-1645	Windows Docker Information Disclosure Vulnerability	Important	5	No	No	No
CVE-2021-1641	Microsoft SharePoint Spoofing Vulnerability	Important	4.6	No	No	No
CVE-2021-1717	Microsoft SharePoint Spoofing Vulnerability	Important	4.6	No	No	No
CVE-2021-1678	NTLM Security Feature Bypass Vulnerability	Important	4.3	No	No	No