• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

Microsoft Issues Patches for Defender Zero-Day and 82 Other Windows Flaws

You are here: Home / General Cyber Security News / Microsoft Issues Patches for Defender Zero-Day and 82 Other Windows Flaws

For the initial patch Tuesday of 2021, Microsoft introduced security updates addressing a complete of 83 flaws spanning as many as 11 merchandise and products and services, like an actively exploited zero-day vulnerability.

The hottest security patches go over Microsoft Windows, Edge browser, ChakraCore, Business and Microsoft Business office Products and services, and Web Apps, Visible Studio, Microsoft Malware Defense Motor, .NET Main, ASP .NET, and Azure. Of these 83 bugs, 10 are shown as Critical, and 73 are mentioned as Critical in severity.

✔ Approved Seller by TheCyberSecurity From Our Partners
F Secure Freedome Vpn 2021

Protect your online privacy and internet browsing via F-Secure Freedome VPN. F-Secure has proven to be a trustworthy company but not being connected to any government. F-Secure Freedome VPN encryptes all your connections to the internet in addition it hides your real IP address so no one will know from which location you are browsing the web. F-Secure Freedome VPN is Netflix and Amazon Prime friendly which means you can easily view the movies and series that are meant for Amercian viewers.

Get F-Secure Freedome VPN with 50% discount from our partner: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


The most significant of the issues is a distant code execution (RCE) flaw in Microsoft Defender (CVE-2021-1647) that could permit attackers to infect focused methods with arbitrary code.

Microsoft Malware Protection Motor (mpengine.dll) supplies the scanning, detection, and cleansing capabilities for Microsoft Defender antivirus and antispyware program. The past version of the program afflicted by the flaw is 1.1.17600.5, ahead of it was dealt with in version 1.1.17700.4.

The bug is also acknowledged to have been actively exploited in the wild, while details are scarce on how prevalent the attacks are or how this is getting exploited. It truly is also a zero-click on flaw in that the susceptible technique can be exploited without the need of any interaction from the user.

Microsoft mentioned that in spite of lively exploitation, the system is not useful in all scenarios and that the exploit is however regarded to be at a evidence-of-concept amount, with sizeable modifications expected for it to get the job done properly.

What is more, the flaw may already be fixed as part of automatic updates to the Malware Protection Motor — which it ordinarily releases the moment a month or as when required to safeguard versus recently uncovered threats — unless of course the programs are not linked to the Internet.

“For businesses that are configured for automated updating, no actions need to be demanded, but 1 of the very first steps a menace actor or malware will check out to attempt is to disrupt danger security on a method so definition and motor updates are blocked,” explained Chris Goettl, senior director of solution administration and security at Ivanti.

Tuesday’s patch also rectifies a privilege escalation flaw (CVE-2021-1648) released by a past patch in the GDI Print / Print Spooler API (“splwow64.exe”) that was disclosed by Google Job Zero previous month following Microsoft failed to rectify it within 90 times of dependable disclosure on September 24.

Other vulnerabilities fixed by Microsoft involve a memory corruption flaws in Microsoft Edge browser (CVE-2021-1705), a Windows Distant Desktop Protocol Core Security aspect bypass flaw (CVE-2021-1674, CVSS score 8.8), and 5 critical RCE flaws in Distant Technique Call Runtime.

To install the most up-to-date security updates, Windows people can head to Get started > Configurations > Update & Security > Windows Update, or by selecting Verify for Windows updates.

Observed this write-up exciting? Observe THN on Facebook, Twitter  and LinkedIn to browse far more exceptional material we write-up.


Some components of this posting are sourced from:
thehackernews.com

Previous Post: «Ubiquiti Urges Password Reset, 2fa After Breach Ubiquiti urges password reset, 2fa after breach

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Recent Posts

  • Microsoft Issues Patches for Defender Zero-Day and 82 Other Windows Flaws
  • Ubiquiti urges password reset, 2fa after breach
  • Complexity and cost chip away at SOCs’ perceived return on investment
  • Critical Microsoft Defender Bug Actively Exploited; Patch Tuesday Offers 83 Fixes
  • SolarWinds attackers suspected in Microsoft authentication compromise
  • World’s Largest Illegal Dark Web Marketplace Taken Down
  • Data Breach at ‘Resident Evil’ Gaming Company Widens
  • BumbleBee Opens Exchange Servers in xHunt Spy Campaign
  • 11 Jan 2021(ISC)² Offers Online Exam Proctoring
  • 11 Jan 2021Francisco Partners Completes Forcepoint Acquisition

Copyright © TheCyberSecurity.News, All Rights Reserved.