Microsoft Released the First Patch Tuesday of 2021 for Defender Zero-Day and 82 Other Windows Flaws

Microsoft has released security updates for 83 flaws in total on the first Patch Tuesday of 2021. The fixes span nearly 11 products and services and include a patch for an exploited zero-day vulnerability in Microsoft Defender.

Of the 83 bugs, ten are critical and 73 are important in severity. The security patches cover Windows OS, Edge browser, Visual Studio, ASP .Net, .Net Repository, .Net Core, Malware Protection Engine, SQL Server, Office, and Azure. Microsoft points out in its patch documentation that nothing else is required after the update is installed.

Like other tech companies, Microsoft routinely releases security patches and updates for its software. These not only protect devices but also keep them up to date with the latest features. Cybercriminals often exploit vulnerabilities in software. In a few cases, they lock the devices until the victim pays the ransom.

Defender Zero-Day Vulnerability

A zero-day vulnerability is an existing vulnerability in a device or system that has not been patched after disclosure. When you do not subscribe to antivirus software, it is Microsoft Defender that protects your device from known threats. The discovery of a zero-day vulnerability in Microsoft Defender has therefore raised serious alarm bells. Microsoft has fixed this zero-day flaw in the first Patch Tuesday of 2021.

The most severe issue is an RCE (remote code execution) flaw in Microsoft Defender identified as CVE-2021-1647. It exists in Windows Server 2008 through 2019 and Windows 7 through Windows 10. This flaw enables cybercriminals to infect systems with arbitrary code, and for this reason Microsoft has begun to push the update to its users. Nevertheless, attackers have already exploited the RCE bug in Microsoft Defender. The bug opens a way for attackers to mislead users into opening a file containing malicious code. The code can range from malware to ransomware.

The first Patch Tuesday of 2021 also fixes a privilege escalation bug (CVE-2021-1648). It was introduced by a preceding patch in the Print Spooler API / GDI Print and revealed by Google Project Zero a month ago.

In addition, Microsoft has addressed other vulnerabilities, including memory corruption flaws in the Microsoft Edge browser (CVE-2021-1705) and RCE flaws in the Remote Procedure Call Runtime.

2021 Might Give High Volumes of Fixes

The first Patch Tuesday of 2021 is significant in historical terms, even though it is lighter than many of Microsoft’s releases of 2020. It is reasonable to expect that 2021 will also bring high volumes of fixes because of the increasing number of ongoing cybersecurity incidents.

According to Chris Goettl, a senior director at Ivanti, the critical vulnerabilities seem to exist in the operating system, malware protection engine, and browser. However, that should not divert attention from the other updates. He says that the SQL, ASP .Net, and other dev tools updates are only fixing essential severity vulnerabilities. Essentially, an area of concern is the DevOps toolchain. Development teams need to remain aware of what tools they use. Moreover, they should be mindful of the vulnerabilities they will come across.

Final Remarks

It is critically important to keep your system up to date with the latest software releases. You can check for updates by clicking on the Start icon in the bottom-left corner of the taskbar.
