Skip to main content
NewsPatch ManagementPatch Tuesday

January Patch Tuesday 2021 Fixes Critical Defender Bug

By January 12, 2021November 10th, 2022No Comments
||

January Patch Tuesday 2021 Fixes Critical Defender Bug

With 83 new bugs, Microsoft is kicking off the first Patch Tuesday of 2021 with a bang. There are 10 Critical and 73 Important new fixes.

Microsoft Patch Tuesday Released with 83 Fixes

There are 10 Critical and 73 Important fixes this month for Microsoft Windows, Edge (Edge HTML-based), ChakraCore, Office and Microsoft Office Services and Web Apps, Visual Studio, Microsoft Malware Protection Engine, .NET Core, ASP .NET, and Azure and another month without fixes for Internet Explorer 11.

Year 2 Extended Support approaches: Windows 7 and Windows Server 2008 (including R2) have both 5 Important vulnerabilities fixed.

Robert Brown, Head of Customer Success for Syxsense said, “This is a very reasonable sized release by Microsoft this month, which we really appreciate as everyone returns to work after the New Year holiday. We do have a Weaponised vulnerability to immediately respond to which Microsoft have confirmed is being exploited, and one which has been made Publicly Aware meaning the exact mechanism to exploit is publicly known.”

Top January Patches and Vulnerabilities

1. CCVE-2021-1647: Microsoft Defender Remote Code Execution Vulnerability

The Microsoft Malware Protection Engine, mpengine.dll, provides the scanning, detection, and cleaning capabilities for Microsoft antivirus and antispyware software. Although this should be updated automatically, if you have installed another Antivirus Solution which has disabled Microsoft Defender, it’s own update mechanism may not run and there you could still be vulnerable.

Vendor Severity: Critical
CVSS: 7.8
Weaponized: Yes
Syxscore Risk Alert:

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Jump Point: No

2. CCVE-2021-1648: Microsoft splwow64 Elevation of Privilege Vulnerability

SPLWOW64.exe is a Windows process that runs when using 32-bit printer drivers on 64 bit Windows operating systems. Although most operating systems in use are 64bit, most legacy software will still need to use a 32bit driver.

Vendor Severity: Important
CVSS: 7.8
Publicly Aware: Yes
Syxscore Risk Alert:

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Jump Point: No

3. CVE-2021-1691: Hyper-V Denial of Service Vulnerability

We know some organisations are using Hyper-V to setup secure stations (aka sandbox) back to corporate networks since the beginning of the lockdown. This vulnerability impacts both Window10 and Windows Server OS.

Vendor Severity: Important
CVSS: 7.7
Syxscore Risk Alert:

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Jump Point: Yes

Syxsense Recommendations

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below which you should prioritize this month; please pay close attention to any of these which are Publicly Aware and / or Weaponized.

CVE Reference Description Vendor Severity CVSS Score Countermeasure Publicly Aware Weaponised Syxsense Recommended
CVE-2021-1647 Microsoft Defender Remote Code Execution Vulnerability Critical 7.8 No No Yes Yes
CVE-2021-1648 Microsoft splwow64 Elevation of Privilege Vulnerability Important 7.8 No Yes No Yes
CVE-2021-1658 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical 8.8 No No No Yes
CVE-2021-1660 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical 8.8 No No No Yes
CVE-2021-1666 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical 8.8 No No No Yes
CVE-2021-1667 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical 8.8 No No No Yes
CVE-2021-1673 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical 8.8 No No No Yes
CVE-2021-1664 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2021-1671 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2021-1700 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2021-1701 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2021-1674 Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability Important 8.8 No No No Yes
CVE-2021-1669 Windows Remote Desktop Services ActiveX Client Security Feature Bypass Vulnerability Important 8.8 No No No Yes
CVE-2021-1707 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 8.8 No No No Yes
CVE-2021-1665 GDI+ Remote Code Execution Vulnerability Critical 7.8 No No No Yes
CVE-2021-1643 HEVC Video Extensions Remote Code Execution Vulnerability Critical 7.8 No No No Yes
CVE-2021-1668 Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability Critical 7.8 No No No Yes
CVE-2021-1691 Hyper-V Denial of Service Vulnerability Important 7.7 No No No Yes
CVE-2021-1692 Hyper-V Denial of Service Vulnerability Important 7.7 No No No Yes
CVE-2021-1705 Microsoft Edge (HTML-based) Memory Corruption Vulnerability Critical 4.2 No No No Yes
CVE-2021-1636 Microsoft SQL Elevation of Privilege Vulnerability Important 8.8 No No No
CVE-2021-1712 Microsoft SharePoint Elevation of Privilege Vulnerability Important 8 No No No
CVE-2021-1719 Microsoft SharePoint Elevation of Privilege Vulnerability Important 8 No No No
CVE-2021-1718 Microsoft SharePoint Server Tampering Vulnerability Important 8 No No No
CVE-2021-1649 Active Template Library Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-1651 Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-1680 Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-1644 HEVC Video Extensions Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2021-1713 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2021-1714 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2021-1711 Microsoft Office Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2021-1710 Microsoft Windows Media Foundation Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2021-1715 Microsoft Word Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2021-1716 Microsoft Word Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2021-1642 Windows AppX Deployment Extensions Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-1652 Windows CSC Service Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-1653 Windows CSC Service Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-1654 Windows CSC Service Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-1655 Windows CSC Service Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-1659 Windows CSC Service Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-1688 Windows CSC Service Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-1693 Windows CSC Service Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-1703 Windows Event Logging Service Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-1662 Windows Event Tracing Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-1657 Windows Fax Compose Form Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2021-1661 Windows Installer Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-1697 Windows Install Service Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-1689 Windows Multipoint Management Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-1695 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-1702 Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-1650 Windows Runtime C++ Template Library Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-1681 Windows Wallet Service Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-1686 Windows Wallet Service Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-1687 Windows Wallet Service Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-1690 Windows Wallet Service Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2021-1638 Windows Bluetooth Security Feature Bypass Vulnerability Important 7.7 No No No
CVE-2021-1723 .NET Core and Visual Studio Denial of Service Vulnerability Important 7.5 No No No
CVE-2021-1694 Windows Update Stack Elevation of Privilege Vulnerability Important 7.5 No No No
CVE-2021-1685 Windows AppX Deployment Extensions Elevation of Privilege Vulnerability Important 7.3 No No No
CVE-2021-1704 Windows Hyper-V Elevation of Privilege Vulnerability Important 7.3 No No No
CVE-2021-1706 Windows LUAFV Elevation of Privilege Vulnerability Important 7.3 No No No
CVE-2020-26870 Visual Studio Remote Code Execution Vulnerability Important 7 No No No
CVE-2021-1682 Windows Kernel Elevation of Privilege Vulnerability Important 7 No No No
CVE-2021-1709 Windows Win32k Elevation of Privilege Vulnerability Important 7 No No No
CVE-2021-1646 Windows WLAN Service Elevation of Privilege Vulnerability Important 6.6 No No No
CVE-2021-1679 Windows CryptoAPI Denial of Service Vulnerability Important 6.5 No No No
CVE-2021-1708 Windows GDI+ Information Disclosure Vulnerability Important 5.7 No No No
CVE-2021-1677 Azure Active Directory Pod Identity Spoofing Vulnerability Important 5.5 No No No
CVE-2021-1725 Bot Framework SDK Information Disclosure Vulnerability Important 5.5 No No No
CVE-2021-1656 TPM Device Driver Information Disclosure Vulnerability Important 5.5 No No No
CVE-2021-1699 Windows (modem.sys) Information Disclosure Vulnerability Important 5.5 No No No
CVE-2021-1683 Windows Bluetooth Security Feature Bypass Vulnerability Important 5.5 No No No
CVE-2021-1637 Windows DNS Query Information Disclosure Vulnerability Important 5.5 No No No
CVE-2021-1696 Windows Graphics Component Information Disclosure Vulnerability Important 5.5 No No No
CVE-2021-1676 Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability Important 5.5 No No No
CVE-2021-1663 Windows Projected File System FS Filter Driver Information Disclosure Vulnerability Important 5.5 No No No
CVE-2021-1670 Windows Projected File System FS Filter Driver Information Disclosure Vulnerability Important 5.5 No No No
CVE-2021-1672 Windows Projected File System FS Filter Driver Information Disclosure Vulnerability Important 5.5 No No No
CVE-2021-1684 Windows Bluetooth Security Feature Bypass Vulnerability Important 5 No No No
CVE-2021-1645 Windows Docker Information Disclosure Vulnerability Important 5 No No No
CVE-2021-1641 Microsoft SharePoint Spoofing Vulnerability Important 4.6 No No No
CVE-2021-1717 Microsoft SharePoint Spoofing Vulnerability Important 4.6 No No No
CVE-2021-1678 NTLM Security Feature Bypass Vulnerability Important 4.3 No No No

Experience the Power of Syxsense

Syxsense is a cloud-based solution that helps organizations manage and secure their endpoints with ease. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Leave a Reply