January Patch Tuesday 2021 Fixes Critical Defender Bug
Microsoft Patch Tuesday Released with 83 Fixes
There are 10 Critical and 73 Important fixes this month for Microsoft Windows, Edge (Edge HTML-based), ChakraCore, Office and Microsoft Office Services and Web Apps, Visual Studio, Microsoft Malware Protection Engine, .NET Core, ASP .NET, and Azure and another month without fixes for Internet Explorer 11.
Year 2 Extended Support approaches: Windows 7 and Windows Server 2008 (including R2) have both 5 Important vulnerabilities fixed.
Robert Brown, Head of Customer Success for Syxsense said, “This is a very reasonable sized release by Microsoft this month, which we really appreciate as everyone returns to work after the New Year holiday. We do have a Weaponised vulnerability to immediately respond to which Microsoft have confirmed is being exploited, and one which has been made Publicly Aware meaning the exact mechanism to exploit is publicly known.”
Top January Patches and Vulnerabilities
1. CCVE-2021-1647: Microsoft Defender Remote Code Execution Vulnerability
The Microsoft Malware Protection Engine, mpengine.dll, provides the scanning, detection, and cleaning capabilities for Microsoft antivirus and antispyware software. Although this should be updated automatically, if you have installed another Antivirus Solution which has disabled Microsoft Defender, it’s own update mechanism may not run and there you could still be vulnerable.
Vendor Severity: Critical
CVSS: 7.8
Weaponized: Yes
Syxscore Risk Alert:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges: Low
- User Interaction: None
- Jump Point: No
2. CCVE-2021-1648: Microsoft splwow64 Elevation of Privilege Vulnerability
SPLWOW64.exe is a Windows process that runs when using 32-bit printer drivers on 64 bit Windows operating systems. Although most operating systems in use are 64bit, most legacy software will still need to use a 32bit driver.
Vendor Severity: Important
CVSS: 7.8
Publicly Aware: Yes
Syxscore Risk Alert:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges: Low
- User Interaction: None
- Jump Point: No
3. CVE-2021-1691: Hyper-V Denial of Service Vulnerability
We know some organisations are using Hyper-V to setup secure stations (aka sandbox) back to corporate networks since the beginning of the lockdown. This vulnerability impacts both Window10 and Windows Server OS.
Vendor Severity: Important
CVSS: 7.7
Syxscore Risk Alert:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges: Low
- User Interaction: None
- Jump Point: Yes
Syxsense Recommendations
Based on the Vendor Severity and CVSS Score, we have made a few recommendations below which you should prioritize this month; please pay close attention to any of these which are Publicly Aware and / or Weaponized.
| CVE Reference | Description | Vendor Severity | CVSS Score | Countermeasure | Publicly Aware | Weaponised | Syxsense Recommended |
| CVE-2021-1647 | Microsoft Defender Remote Code Execution Vulnerability | Critical | 7.8 | No | No | Yes | Yes |
| CVE-2021-1648 | Microsoft splwow64 Elevation of Privilege Vulnerability | Important | 7.8 | No | Yes | No | Yes |
| CVE-2021-1658 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2021-1660 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2021-1666 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2021-1667 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2021-1673 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2021-1664 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-1671 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-1700 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-1701 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-1674 | Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-1669 | Windows Remote Desktop Services ActiveX Client Security Feature Bypass Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-1707 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-1665 | GDI+ Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes |
| CVE-2021-1643 | HEVC Video Extensions Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes |
| CVE-2021-1668 | Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes |
| CVE-2021-1691 | Hyper-V Denial of Service Vulnerability | Important | 7.7 | No | No | No | Yes |
| CVE-2021-1692 | Hyper-V Denial of Service Vulnerability | Important | 7.7 | No | No | No | Yes |
| CVE-2021-1705 | Microsoft Edge (HTML-based) Memory Corruption Vulnerability | Critical | 4.2 | No | No | No | Yes |
| CVE-2021-1636 | Microsoft SQL Elevation of Privilege Vulnerability | Important | 8.8 | No | No | No | |
| CVE-2021-1712 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | 8 | No | No | No | |
| CVE-2021-1719 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | 8 | No | No | No | |
| CVE-2021-1718 | Microsoft SharePoint Server Tampering Vulnerability | Important | 8 | No | No | No | |
| CVE-2021-1649 | Active Template Library Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1651 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1680 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1644 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1713 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1714 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1711 | Microsoft Office Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1710 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1715 | Microsoft Word Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1716 | Microsoft Word Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1642 | Windows AppX Deployment Extensions Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1652 | Windows CSC Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1653 | Windows CSC Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1654 | Windows CSC Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1655 | Windows CSC Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1659 | Windows CSC Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1688 | Windows CSC Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1693 | Windows CSC Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1703 | Windows Event Logging Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1662 | Windows Event Tracing Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1657 | Windows Fax Compose Form Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1661 | Windows Installer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1697 | Windows Install Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1689 | Windows Multipoint Management Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1695 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1702 | Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1650 | Windows Runtime C++ Template Library Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1681 | Windows Wallet Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1686 | Windows Wallet Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1687 | Windows Wallet Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1690 | Windows Wallet Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-1638 | Windows Bluetooth Security Feature Bypass Vulnerability | Important | 7.7 | No | No | No | |
| CVE-2021-1723 | .NET Core and Visual Studio Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-1694 | Windows Update Stack Elevation of Privilege Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-1685 | Windows AppX Deployment Extensions Elevation of Privilege Vulnerability | Important | 7.3 | No | No | No | |
| CVE-2021-1704 | Windows Hyper-V Elevation of Privilege Vulnerability | Important | 7.3 | No | No | No | |
| CVE-2021-1706 | Windows LUAFV Elevation of Privilege Vulnerability | Important | 7.3 | No | No | No | |
| CVE-2020-26870 | Visual Studio Remote Code Execution Vulnerability | Important | 7 | No | No | No | |
| CVE-2021-1682 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2021-1709 | Windows Win32k Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2021-1646 | Windows WLAN Service Elevation of Privilege Vulnerability | Important | 6.6 | No | No | No | |
| CVE-2021-1679 | Windows CryptoAPI Denial of Service Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2021-1708 | Windows GDI+ Information Disclosure Vulnerability | Important | 5.7 | No | No | No | |
| CVE-2021-1677 | Azure Active Directory Pod Identity Spoofing Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-1725 | Bot Framework SDK Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-1656 | TPM Device Driver Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-1699 | Windows (modem.sys) Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-1683 | Windows Bluetooth Security Feature Bypass Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-1637 | Windows DNS Query Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-1696 | Windows Graphics Component Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-1676 | Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-1663 | Windows Projected File System FS Filter Driver Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-1670 | Windows Projected File System FS Filter Driver Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-1672 | Windows Projected File System FS Filter Driver Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-1684 | Windows Bluetooth Security Feature Bypass Vulnerability | Important | 5 | No | No | No | |
| CVE-2021-1645 | Windows Docker Information Disclosure Vulnerability | Important | 5 | No | No | No | |
| CVE-2021-1641 | Microsoft SharePoint Spoofing Vulnerability | Important | 4.6 | No | No | No | |
| CVE-2021-1717 | Microsoft SharePoint Spoofing Vulnerability | Important | 4.6 | No | No | No | |
| CVE-2021-1678 | NTLM Security Feature Bypass Vulnerability | Important | 4.3 | No | No | No |
Experience the Power of Syxsense
Syxsense is a cloud-based solution that helps organizations manage and secure their endpoints with ease. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.
