Microsoft Fixes Windows Defender Zero-Day Bug

Microsoft has patched a zero-day bug in Windows Defender being actively exploited in the wild, as part of its monthly update round.

The first Patch Tuesday of 2021 featured fixes for 83 vulnerabilities in Windows OS, Edge, Office, Visual Studio, .Net Core, .Net Repository, ASP .Net, Azure, Malware Protection Engine and SQL Server.

Remote code execution bug CVE-2021-1647 is the most urgent, according to Chris Goettl, director of product management for security products at Ivanti. He recommended organizations ensure their Microsoft Malware Protection Engine is version 1.1.17700.4 or higher.

“Microsoft frequently updates malware definitions and the malware protection engine and has already pushed the update to resolve the vulnerability,” Goettl explained.

“For organizations that are configured for automatic updating no actions should be required, but one of the first actions a threat actor or malware will try to attempt is to disrupt threat protection on a system so definition and engine updates are blocked.”

Another CVE high up the priority list this month is CVE-2021-1648, a bug in the Windows splwow64 service that could allow an attacker to elevate their privilege level. Although publicly disclosed last month it isn’t thought to have been exploited yet.

Experts also highlighted CVE-2021-1666 as worthy of attention: the flaw in Microsoft’s GDI+ component impacts the unsupported Windows 7 and Windows Server 2008 products, as well as newer versions.

Allan Liska, senior security architect at Recorded Future, also flagged CVE-2021-1709, an elevation of privilege vulnerability in the Win32 kernel. The bug, which affects Windows 8-10 and Windows Server 2008-2019, should be prioritized despite its “Important” rating, he argued.

“Unfortunately, this type of vulnerability is often quickly exploited by attackers,” Liska warned. “For example, CVE-2019-1458 was announced on December 10 2019, and by December 19 an attacker was seen selling an exploit for the vulnerability on underground markets.”

Elsewhere, Adobe released fixes for vulnerabilities in its Adobe Bridge, Captivate, InCopy, Campaign Classic, Animate, Illustrator and Photoshop products. There was also a critical Mozilla Thunderbird update.

What’s Hot on Infosecurity Magazine?