Microsoft January 2021 Patch Tuesday
This month we got patches for 83 vulnerabilities. Of these, 10 are critical, one was previously disclosed, and one is already being exploited according to Microsoft.
Amongst critical vulnerability, let’s start with the already being exploited CVE-2021-1647. It is related to a remote code execution (RCE) vulnerability affecting Microsoft Defender until version 1.1.17600. The CVSS for this vulnerability is 7.80.
There is also a RCE on Windows RPC Runtime (CVE-2021-1658). According to the advisory, it requires no user interaction, low privileges, and low attack complexity. This vulnerability had the highest CVSS score for this month: 8.80.
And finally, the previously disclosed one is a privilege escalation vulnerability affecting splwow64 (CVE-2021-1648). This zero-day has been publicly disclosed Google Project Zero (PZ2096) and the Zero Day Initiative (ZDI-CAN-11349 through 11351). According to ZDI advisory, the specific issue that may result in privilege escalation exists within the user-mode printer driver host process splwow64.exe due to lack of proper validation of user-supplied data. CVSS: 7.80.
See Renato's dashboard for a more detailed breakout: https://patchtuesdaydashboard.com
January 2021 Security Updates
| Description | |||||||
|---|---|---|---|---|---|---|---|
| CVE | Disclosed | Exploited | Exploitability (old versions) | current version | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
| ASP.NET Core and Visual Studio Denial of Service Vulnerability | |||||||
| CVE-2021-1723 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| Active Template Library Elevation of Privilege Vulnerability | |||||||
| CVE-2021-1649 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Azure Active Directory Pod Identity Spoofing Vulnerability | |||||||
| CVE-2021-1677 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Bot Framework SDK Information Disclosure Vulnerability | |||||||
| CVE-2021-1725 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | |||||||
| CVE-2021-1651 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| CVE-2021-1680 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| GDI+ Remote Code Execution Vulnerability | |||||||
| CVE-2021-1665 | No | No | Less Likely | Less Likely | Critical | 7.8 | 6.8 |
| HEVC Video Extensions Remote Code Execution Vulnerability | |||||||
| CVE-2021-1644 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| CVE-2021-1643 | No | No | Less Likely | Less Likely | Critical | 7.8 | 7.0 |
| Hyper-V Denial of Service Vulnerability | |||||||
| CVE-2021-1691 | No | No | Less Likely | Less Likely | Important | 7.7 | 6.7 |
| CVE-2021-1692 | No | No | Less Likely | Less Likely | Important | 7.7 | 6.7 |
| Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability | |||||||
| CVE-2021-1668 | No | No | Less Likely | Less Likely | Critical | 7.8 | 6.8 |
| Microsoft Defender Remote Code Execution Vulnerability | |||||||
| CVE-2021-1647 | No | Yes | Detected | Detected | Critical | 7.8 | 7.0 |
| Microsoft Edge (HTML-based) Memory Corruption Vulnerability | |||||||
| CVE-2021-1705 | No | No | Less Likely | Less Likely | Critical | 4.2 | 3.8 |
| Microsoft Excel Remote Code Execution Vulnerability | |||||||
| CVE-2021-1713 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| CVE-2021-1714 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Office Remote Code Execution Vulnerability | |||||||
| CVE-2021-1711 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft SQL Elevation of Privilege Vulnerability | |||||||
| CVE-2021-1636 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| Microsoft SharePoint Elevation of Privilege Vulnerability | |||||||
| CVE-2021-1712 | No | No | Less Likely | Less Likely | Important | 8.0 | 7.0 |
| CVE-2021-1719 | No | No | Less Likely | Less Likely | Important | 8.0 | 7.0 |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | |||||||
| CVE-2021-1707 | No | No | More Likely | More Likely | Important | 8.8 | 7.7 |
| Microsoft SharePoint Server Tampering Vulnerability | |||||||
| CVE-2021-1718 | No | No | Less Likely | Less Likely | Important | 8.0 | 7.0 |
| Microsoft SharePoint Spoofing Vulnerability | |||||||
| CVE-2021-1641 | No | No | Less Likely | Less Likely | Important | 4.6 | 4.0 |
| CVE-2021-1717 | No | No | Less Likely | Less Likely | Important | 4.6 | 4.0 |
| Microsoft Windows Media Foundation Remote Code Execution Vulnerability | |||||||
| CVE-2021-1710 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Word Remote Code Execution Vulnerability | |||||||
| CVE-2021-1715 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| CVE-2021-1716 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft splwow64 Elevation of Privilege Vulnerability | |||||||
| CVE-2021-1648 | Yes | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| NTLM Security Feature Bypass Vulnerability | |||||||
| CVE-2021-1678 | No | No | Less Likely | Less Likely | Important | 4.3 | 3.8 |
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | |||||||
| CVE-2021-1658 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.7 |
| CVE-2021-1660 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.7 |
| CVE-2021-1664 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| CVE-2021-1666 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.7 |
| CVE-2021-1667 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.7 |
| CVE-2021-1671 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| CVE-2021-1673 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.7 |
| CVE-2021-1700 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| CVE-2021-1701 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| TPM Device Driver Information Disclosure Vulnerability | |||||||
| CVE-2021-1656 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Visual Studio Remote Code Execution Vulnerability | |||||||
| CVE-2020-26870 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Windows (modem.sys) Information Disclosure Vulnerability | |||||||
| CVE-2021-1699 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows AppX Deployment Extensions Elevation of Privilege Vulnerability | |||||||
| CVE-2021-1642 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| CVE-2021-1685 | No | No | Less Likely | Less Likely | Important | 7.3 | 6.4 |
| Windows Bluetooth Security Feature Bypass Vulnerability | |||||||
| CVE-2021-1683 | No | No | Less Likely | Less Likely | Important | 5.0 | 4.4 |
| CVE-2021-1684 | No | No | Less Likely | Less Likely | Important | 5.0 | 4.4 |
| CVE-2021-1638 | No | No | Less Likely | Less Likely | Important | 7.7 | 6.7 |
| Windows CSC Service Elevation of Privilege Vulnerability | |||||||
| CVE-2021-1652 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| CVE-2021-1653 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| CVE-2021-1654 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| CVE-2021-1655 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| CVE-2021-1659 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| CVE-2021-1688 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| CVE-2021-1693 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows CryptoAPI Denial of Service Vulnerability | |||||||
| CVE-2021-1679 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Windows DNS Query Information Disclosure Vulnerability | |||||||
| CVE-2021-1637 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Docker Information Disclosure Vulnerability | |||||||
| CVE-2021-1645 | No | No | Less Likely | Less Likely | Important | 5.0 | 4.4 |
| Windows Event Logging Service Elevation of Privilege Vulnerability | |||||||
| CVE-2021-1703 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Event Tracing Elevation of Privilege Vulnerability | |||||||
| CVE-2021-1662 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Fax Compose Form Remote Code Execution Vulnerability | |||||||
| CVE-2021-1657 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows GDI+ Information Disclosure Vulnerability | |||||||
| CVE-2021-1708 | No | No | Less Likely | Less Likely | Important | 5.7 | 5.0 |
| Windows Graphics Component Information Disclosure Vulnerability | |||||||
| CVE-2021-1696 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Hyper-V Elevation of Privilege Vulnerability | |||||||
| CVE-2021-1704 | No | No | Less Likely | Less Likely | Important | 7.3 | 6.4 |
| Windows InstallService Elevation of Privilege Vulnerability | |||||||
| CVE-2021-1697 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Installer Elevation of Privilege Vulnerability | |||||||
| CVE-2021-1661 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Kernel Elevation of Privilege Vulnerability | |||||||
| CVE-2021-1682 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Windows LUAFV Elevation of Privilege Vulnerability | |||||||
| CVE-2021-1706 | No | No | Less Likely | Less Likely | Important | 7.3 | 6.4 |
| Windows Multipoint Management Elevation of Privilege Vulnerability | |||||||
| CVE-2021-1689 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability | |||||||
| CVE-2021-1676 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Print Spooler Elevation of Privilege Vulnerability | |||||||
| CVE-2021-1695 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Projected File System FS Filter Driver Information Disclosure Vulnerability | |||||||
| CVE-2021-1663 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| CVE-2021-1670 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| CVE-2021-1672 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability | |||||||
| CVE-2021-1674 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| Windows Remote Desktop Security Feature Bypass Vulnerability | |||||||
| CVE-2021-1669 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability | |||||||
| CVE-2021-1702 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Runtime C++ Template Library Elevation of Privilege Vulnerability | |||||||
| CVE-2021-1650 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Update Stack Elevation of Privilege Vulnerability | |||||||
| CVE-2021-1694 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| Windows WLAN Service Elevation of Privilege Vulnerability | |||||||
| CVE-2021-1646 | No | No | Less Likely | Less Likely | Important | 6.6 | 5.8 |
| Windows WalletService Elevation of Privilege Vulnerability | |||||||
| CVE-2021-1681 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| CVE-2021-1686 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| CVE-2021-1687 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| CVE-2021-1690 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Win32k Elevation of Privilege Vulnerability | |||||||
| CVE-2021-1709 | No | No | More Likely | More Likely | Important | 7.0 | 6.1 |
--
Renato Marinho
Morphus Labs| LinkedIn|Twitter
Keywords:
0 comment(s)ISC Stormcast For Tuesday, January 12th, 2021 https://isc.sans.edu/podcastdetail.html?id=7324
×
![modal content]()
Diary Archives
Comments
Anonymous
Dec 3rd 2022
9 months ago
Anonymous
Dec 3rd 2022
9 months ago
<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.
<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission
Anonymous
Dec 26th 2022
9 months ago
Anonymous
Dec 26th 2022
9 months ago
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> nearest public toilet to me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
Anonymous
Dec 26th 2022
9 months ago
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> nearest public toilet to me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
Anonymous
Dec 26th 2022
9 months ago
Anonymous
Dec 26th 2022
9 months ago
https://defineprogramming.com/
Dec 26th 2022
9 months ago
distribute malware. Even if the URL listed on the ad shows a legitimate website, subsequent ad traffic can easily lead to a fake page. Different types of malware are distributed in this manner. I've seen IcedID (Bokbot), Gozi/ISFB, and various information stealers distributed through fake software websites that were provided through Google ad traffic. I submitted malicious files from this example to VirusTotal and found a low rate of detection, with some files not showing as malware at all. Additionally, domains associated with this infection frequently change. That might make it hard to detect.
https://clickercounter.org/
https://defineprogramming.com/
Dec 26th 2022
9 months ago
rthrth
Jan 2nd 2023
8 months ago