Microsoft January 2021 Patch Tuesday

Published: 2021-01-12
Last Updated: 2021-01-12 18:45:18 UTC
by Renato Marinho (Version: 1)

This month we got patches for 83 vulnerabilities. Of these, 10 are critical, one was previously disclosed, and one is already being exploited according to Microsoft.

Amongst the critical vulnerabilities, let's start with CVE-2021-1647, which is already being exploited. It is a remote code execution (RCE) vulnerability affecting Microsoft Defender up to version 1.1.17600. The CVSS score for this vulnerability is 7.80.

There is also an RCE in the Windows RPC Runtime (CVE-2021-1658). According to the advisory, it requires no user interaction, low privileges, and low attack complexity. This vulnerability has the highest CVSS score this month: 8.80.

And finally, the previously disclosed one is a privilege escalation vulnerability affecting splwow64 (CVE-2021-1648). This zero-day was publicly disclosed by Google Project Zero (PZ2096) and the Zero Day Initiative (ZDI-CAN-11349 through 11351). According to the ZDI advisory, the specific flaw that may result in privilege escalation exists within the user-mode printer driver host process splwow64.exe, due to a lack of proper validation of user-supplied data. CVSS: 7.80.

See Renato's dashboard for a more detailed breakout: https://patchtuesdaydashboard.com

January 2021 Security Updates

| Description | CVE | Disclosed | Exploited | Exploitability (old versions) | Exploitability (current version) | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
|---|---|---|---|---|---|---|---|---|
| ASP.NET Core and Visual Studio Denial of Service Vulnerability | CVE-2021-1723 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| Active Template Library Elevation of Privilege Vulnerability | CVE-2021-1649 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Azure Active Directory Pod Identity Spoofing Vulnerability | CVE-2021-1677 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Bot Framework SDK Information Disclosure Vulnerability | CVE-2021-1725 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | CVE-2021-1651 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | CVE-2021-1680 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| GDI+ Remote Code Execution Vulnerability | CVE-2021-1665 | No | No | Less Likely | Less Likely | Critical | 7.8 | 6.8 |
| HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2021-1644 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2021-1643 | No | No | Less Likely | Less Likely | Critical | 7.8 | 7.0 |
| Hyper-V Denial of Service Vulnerability | CVE-2021-1691 | No | No | Less Likely | Less Likely | Important | 7.7 | 6.7 |
| Hyper-V Denial of Service Vulnerability | CVE-2021-1692 | No | No | Less Likely | Less Likely | Important | 7.7 | 6.7 |
| Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability | CVE-2021-1668 | No | No | Less Likely | Less Likely | Critical | 7.8 | 6.8 |
| Microsoft Defender Remote Code Execution Vulnerability | CVE-2021-1647 | No | Yes | Detected | Detected | Critical | 7.8 | 7.0 |
| Microsoft Edge (HTML-based) Memory Corruption Vulnerability | CVE-2021-1705 | No | No | Less Likely | Less Likely | Critical | 4.2 | 3.8 |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2021-1713 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2021-1714 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Office Remote Code Execution Vulnerability | CVE-2021-1711 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft SQL Elevation of Privilege Vulnerability | CVE-2021-1636 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| Microsoft SharePoint Elevation of Privilege Vulnerability | CVE-2021-1712 | No | No | Less Likely | Less Likely | Important | 8.0 | 7.0 |
| Microsoft SharePoint Elevation of Privilege Vulnerability | CVE-2021-1719 | No | No | Less Likely | Less Likely | Important | 8.0 | 7.0 |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | CVE-2021-1707 | No | No | More Likely | More Likely | Important | 8.8 | 7.7 |
| Microsoft SharePoint Server Tampering Vulnerability | CVE-2021-1718 | No | No | Less Likely | Less Likely | Important | 8.0 | 7.0 |
| Microsoft SharePoint Spoofing Vulnerability | CVE-2021-1641 | No | No | Less Likely | Less Likely | Important | 4.6 | 4.0 |
| Microsoft SharePoint Spoofing Vulnerability | CVE-2021-1717 | No | No | Less Likely | Less Likely | Important | 4.6 | 4.0 |
| Microsoft Windows Media Foundation Remote Code Execution Vulnerability | CVE-2021-1710 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Word Remote Code Execution Vulnerability | CVE-2021-1715 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Word Remote Code Execution Vulnerability | CVE-2021-1716 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft splwow64 Elevation of Privilege Vulnerability | CVE-2021-1648 | Yes | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| NTLM Security Feature Bypass Vulnerability | CVE-2021-1678 | No | No | Less Likely | Less Likely | Important | 4.3 | 3.8 |
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | CVE-2021-1658 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.7 |
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | CVE-2021-1660 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.7 |
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | CVE-2021-1664 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | CVE-2021-1666 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.7 |
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | CVE-2021-1667 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.7 |
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | CVE-2021-1671 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | CVE-2021-1673 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.7 |
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | CVE-2021-1700 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | CVE-2021-1701 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| TPM Device Driver Information Disclosure Vulnerability | CVE-2021-1656 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Visual Studio Remote Code Execution Vulnerability | CVE-2020-26870 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Windows (modem.sys) Information Disclosure Vulnerability | CVE-2021-1699 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows AppX Deployment Extensions Elevation of Privilege Vulnerability | CVE-2021-1642 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows AppX Deployment Extensions Elevation of Privilege Vulnerability | CVE-2021-1685 | No | No | Less Likely | Less Likely | Important | 7.3 | 6.4 |
| Windows Bluetooth Security Feature Bypass Vulnerability | CVE-2021-1683 | No | No | Less Likely | Less Likely | Important | 5.0 | 4.4 |
| Windows Bluetooth Security Feature Bypass Vulnerability | CVE-2021-1684 | No | No | Less Likely | Less Likely | Important | 5.0 | 4.4 |
| Windows Bluetooth Security Feature Bypass Vulnerability | CVE-2021-1638 | No | No | Less Likely | Less Likely | Important | 7.7 | 6.7 |
| Windows CSC Service Elevation of Privilege Vulnerability | CVE-2021-1652 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows CSC Service Elevation of Privilege Vulnerability | CVE-2021-1653 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows CSC Service Elevation of Privilege Vulnerability | CVE-2021-1654 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows CSC Service Elevation of Privilege Vulnerability | CVE-2021-1655 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows CSC Service Elevation of Privilege Vulnerability | CVE-2021-1659 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows CSC Service Elevation of Privilege Vulnerability | CVE-2021-1688 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows CSC Service Elevation of Privilege Vulnerability | CVE-2021-1693 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows CryptoAPI Denial of Service Vulnerability | CVE-2021-1679 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Windows DNS Query Information Disclosure Vulnerability | CVE-2021-1637 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Docker Information Disclosure Vulnerability | CVE-2021-1645 | No | No | Less Likely | Less Likely | Important | 5.0 | 4.4 |
| Windows Event Logging Service Elevation of Privilege Vulnerability | CVE-2021-1703 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Event Tracing Elevation of Privilege Vulnerability | CVE-2021-1662 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Fax Compose Form Remote Code Execution Vulnerability | CVE-2021-1657 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows GDI+ Information Disclosure Vulnerability | CVE-2021-1708 | No | No | Less Likely | Less Likely | Important | 5.7 | 5.0 |
| Windows Graphics Component Information Disclosure Vulnerability | CVE-2021-1696 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Hyper-V Elevation of Privilege Vulnerability | CVE-2021-1704 | No | No | Less Likely | Less Likely | Important | 7.3 | 6.4 |
| Windows InstallService Elevation of Privilege Vulnerability | CVE-2021-1697 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Installer Elevation of Privilege Vulnerability | CVE-2021-1661 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Kernel Elevation of Privilege Vulnerability | CVE-2021-1682 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Windows LUAFV Elevation of Privilege Vulnerability | CVE-2021-1706 | No | No | Less Likely | Less Likely | Important | 7.3 | 6.4 |
| Windows Multipoint Management Elevation of Privilege Vulnerability | CVE-2021-1689 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability | CVE-2021-1676 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Print Spooler Elevation of Privilege Vulnerability | CVE-2021-1695 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Projected File System FS Filter Driver Information Disclosure Vulnerability | CVE-2021-1663 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Projected File System FS Filter Driver Information Disclosure Vulnerability | CVE-2021-1670 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Projected File System FS Filter Driver Information Disclosure Vulnerability | CVE-2021-1672 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability | CVE-2021-1674 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| Windows Remote Desktop Security Feature Bypass Vulnerability | CVE-2021-1669 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability | CVE-2021-1702 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Runtime C++ Template Library Elevation of Privilege Vulnerability | CVE-2021-1650 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Update Stack Elevation of Privilege Vulnerability | CVE-2021-1694 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| Windows WLAN Service Elevation of Privilege Vulnerability | CVE-2021-1646 | No | No | Less Likely | Less Likely | Important | 6.6 | 5.8 |
| Windows WalletService Elevation of Privilege Vulnerability | CVE-2021-1681 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows WalletService Elevation of Privilege Vulnerability | CVE-2021-1686 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows WalletService Elevation of Privilege Vulnerability | CVE-2021-1687 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows WalletService Elevation of Privilege Vulnerability | CVE-2021-1690 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Win32k Elevation of Privilege Vulnerability | CVE-2021-1709 | No | No | More Likely | More Likely | Important | 7.0 | 6.1 |
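A table this size is easiest to act on once it is sorted by what matters for patch priority: exploited first, then publicly disclosed, then Critical severity, then "More Likely" exploitability, then CVSS base score. The script below is an added example, not part of the diary or the dashboard; it parses rows in the layout shown above (a description line followed by its CVE rows, or the same fields separated by pipes) and returns that ordering. The sample rows are copied from this month's table; the priority key is my own assumption, not Microsoft's or ISC's ranking.

```python
import re

# One CVE row of the table: CVE, Disclosed, Exploited, exploitability (old/current
# versions), severity, CVSS base, CVSS temporal. Pipes are stripped first, so both
# the flattened export and a pipe-delimited table parse.
ROW = re.compile(
    r"(?P<cve>CVE-\d{4}-\d+)\s+(?P<disclosed>Yes|No)\s+(?P<exploited>Yes|No)\s+"
    r"(?:Less Likely|More Likely|Detected)\s+(?P<cur>Less Likely|More Likely|Detected)\s+"
    r"(?P<sev>Critical|Important|Moderate|Low)\s+(?P<base>\d+\.\d)\s+(?P<temp>\d+\.\d)"
)

def parse_table(text):
    """Return one dict per CVE; a description line applies to the CVE rows below it."""
    entries, description = [], ""
    for raw in text.splitlines():
        line = " ".join(raw.replace("|", " ").split())
        m = ROW.search(line)
        if not m:
            description = line          # a description line, not a CVE row
            continue
        if line[:m.start()].strip():    # description on the same row (pipe table)
            description = line[:m.start()].strip()
        entries.append({"cve": m["cve"], "description": description,
                        "disclosed": m["disclosed"] == "Yes", "exploited": m["exploited"] == "Yes",
                        "exploitability": m["cur"], "severity": m["sev"],
                        "cvss_base": float(m["base"]), "cvss_temporal": float(m["temp"])})
    return entries

def triage(entries):
    """Patch order (assumed ranking): exploited, then publicly disclosed, then Critical,
    then 'More Likely' exploitability, then CVSS base score, all descending."""
    return sorted(entries, reverse=True, key=lambda e: (
        e["exploited"], e["disclosed"], e["severity"] == "Critical",
        e["exploitability"] == "More Likely", e["cvss_base"]))

# Constructed sample: five rows taken from this diary's table.
SAMPLE = """
Microsoft Defender Remote Code Execution Vulnerability
CVE-2021-1647 No Yes Detected Detected Critical 7.8 7.0
Microsoft splwow64 Elevation of Privilege Vulnerability
CVE-2021-1648 Yes No Less Likely Less Likely Important 7.8 7.0
Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2021-1658 No No Less Likely Less Likely Critical 8.8 7.7
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2021-1707 No No More Likely More Likely Important 8.8 7.7
Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-1713 No No Less Likely Less Likely Important 7.8 6.8
"""
if __name__ == "__main__":
    for e in triage(parse_table(SAMPLE)):
        print(e["cve"], e["severity"], e["cvss_base"], e["description"])
```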

--
Renato Marinho
Morphus Labs | LinkedIn | Twitter
