In the current crop of 83, 10 vulnerabilities are critical and 73 are rated important. One of these bugs (CVE-2021-1648) is publicly known, according to Microsoft, while another, a remote-code execution hole (CVE-2021-1647) in the Windows Defender security system, is actively being exploited.There are patches for Microsoft Windows, Microsoft Edge (EdgeHTML-based), Microsoft Office and Microsoft Office Services and Web Apps, Microsoft Windows Codecs Library, Visual Studio, SQL Server, Microsoft Malware Protection Engine, .NET Core, .NET Repository, ASP .NET, and Azure.
CVE-2021-1647 is a Microsoft Defender remote code execution (RCE) vulnerability. In a blog post, Zero Day Initiative's Dustin Childs speculates that the flaw, which for some may already have been patched automatically, could have played a role in the SolarWinds fiasco.
Microsoft patches another 83 security bugs
Posted on Wednesday, January 13 2021 @ 13:51 CET by Thomas De Maesschalck