After already fixing 13 security bugs in the Edge browser last week, Microsoft rolled out another 83 updates yesterday for this month's dose of Patch Tuesday. Ten bugs are rated as critical and the remaining 83 are marked as important. The Register has the highlights over here.
In the current crop of 83, 10 vulnerabilities are critical and 73 are rated important. One of these bugs (CVE-2021-1648) is publicly known, according to Microsoft, while another, a remote-code execution hole (CVE-2021-1647) in the Windows Defender security system, is actively being exploited.
CVE-2021-1647 is a Microsoft Defender remote code execution (RCE) vulnerability. In a blog post, Zero Day Initiative's Dustin Childs speculates that the flaw, which for some may already have been patched automatically, could have played a role in the SolarWinds fiasco.
There are patches for Microsoft Windows, Microsoft Edge (EdgeHTML-based), Microsoft Office and Microsoft Office Services and Web Apps, Microsoft Windows Codecs Library, Visual Studio, SQL Server, Microsoft Malware Protection Engine, .NET Core, .NET Repository, ASP .NET, and Azure.