Thursday 14 January 2021
The impact of this issue announcement is critical. Please act accordingly to rectify the issue, as stated below.
- Microsoft Windows
- Microsoft Edge (EdgeHTML-based)
- Microsoft Office and Microsoft Office Services and Web Apps
- Microsoft Windows Codecs Library
- Visual Studio
- SQL Server
- Microsoft Malware Protection Engine
- .NET Core
- .NET Repository
- ASP .NET
What you need to know:
Microsoft released security updates for the year’s first Patch Tuesday. This addresses 83 vulnerabilities across 11 products and services including an actively exploited remote code execution zero-day vulnerability in Microsoft Defender (CVE-2021-1647).
Actions to be taken:
Microsoft said that despite active exploitation, the technique is not operational in all scenarios and that the exploit is still considered to be at a proof-of-concept level, with considerable modifications required for it to work effectively.
Moreover, the vulnerabilities may already be resolved by automatic updates.