⚡ TL;DR | Go Straight to the January 2021 Patch Tuesday Audit Report.
It's the first Patch Tuesday of 2021 and Microsoft has already patched 83 vulnerabilities (10 of which are critical) as well as the Microsoft Defender zero-day.
The vulnerabilities are found across a wide range of Microsoft products: Microsoft Office (and Office Services), SQL Server, Microsoft Edge, .NET Repository, Azure, Visual Studio, Microsoft Malware Protection Engine, Microsoft Windows Codecs Library, .NET core and Microsoft Windows.
There were different types of vulnerabilities this month: 41% were Elevation of Privilege, 29% were Remote Code Execution, 13% were Information Disclosure, 7% were Security Feature Bypass, 5% were Denial of Service, 4% were Spoofing and 1% were Tampering.
Microsoft Windows Defender Zero-Day
Tracked as CVE-2021-1647, the zero-day vulnerability found in Microsoft Defender is a Remote Code Execution bug. Microsoft stated that this vulnerability had already been exploited. To exploit it, an attacker tricks a user into opening malware on a Windows system with Defender installed.
Microsoft stated that the Remote Code Execution doesn't work in every situation, and it is still investigating where else attackers can exploit it. To be proactive, Microsoft also released patches for its Microsoft Malware Protection Engine, which will be installed automatically.
Microsoft splwow64 - CVE-2021-1648
Microsoft also fixed an Elevation of Privilege vulnerability within the Windows print driver service splwow64 (CVE-2021-1648). The Zero Day Initiative made the bug public on December 15, 2020, but because of issues with testing, Microsoft decided to include the fix in the January 2021 Patch Tuesday.
In combination with other vulnerabilities, an attacker could achieve arbitrary code execution, resulting in complete access to the infected system. Microsoft says that it hasn't been exploited in the wild (for now), but it's still advisable to patch all your systems now.
Remote Code Execution Vulnerability
There are a few Remote Code Execution (RCE) vulnerabilities within the remote procedure call runtime in Windows. An attacker who exploits one of them could run a custom application to take complete control over the infected system.
CVE-2021-1701, CVE-2021-1667, CVE-2021-1671, CVE-2021-1664, CVE-2021-1666, CVE-2021-1660, CVE-2021-1700, CVE-2021-1673 and CVE-2021-1658 aren't that easily exploited according to Microsoft, because a hacker will need network access and a user account with certain privileges.
Adobe Flash Player End of Life
As described in our Flash Player End of Life blog, from January 12 onward Adobe will block Flash content from running in the Flash Player application. Because of its reputation as a "popular entrance" for hackers, IT professionals around the world are happy with this news.
Run the Patch Tuesday January 2021 Audit Report
Just like in previous months, our experts created a Patch Tuesday (January 2021) Audit Report that checks whether the assets in your network are on the latest patch updates. It's color-coded to give you an easy and quick overview of which assets are already on the latest Windows update, and which ones still need to be patched. As always, all admins are advised to install these security updates as soon as possible to protect Windows from security risks.
If you haven't already, start your free trial of Lansweeper to run the Microsoft Patch Tuesday Report. Make sure to subscribe via the form below if you want to receive the latest Microsoft Patch reports and bonus network reports.