
Alert Regarding a Vulnerability in Microsoft Defender (CVE-2021-1647)

Earlier today, Microsoft started rolling out its monthly set of security patches, known in the
industry as Patch Tuesday.

In this month's updates, the Redmond-based company has patched a total of 83 vulnerabilities
across a wide range of products, including its Windows operating system, cloud-based products,
developer tools, and enterprise servers.

MICROSOFT DEFENDER ZERO-DAY


But of all the bugs patched today, the most important one is a zero-day vulnerability in the Microsoft
Defender antivirus, which Microsoft said was exploited before today's patches were released.

Tracked as CVE-2021-1647, the vulnerability was described as a remote code execution (RCE) bug
that allowed threat actors to execute code on vulnerable devices where Defender is installed.
Microsoft said that despite exploitation being detected in the wild, the technique is not functional in
all situations, and is still considered to be at a proof-of-concept level. However, the code could
evolve for more reliable attacks.

To counteract future attacks, Microsoft has released patches for the Microsoft Malware Protection
Engine, which won't require any user interaction and will be installed automatically -- unless
specifically blocked by system administrators.

MICROSOFT ALSO FIXES PUBLICLY DISCLOSED WINDOWS EOP BUG


In addition to the Defender zero-day, Microsoft has also fixed a security flaw in the Windows
splwow64 service that could be abused to elevate the privileges of an attacker's code.

Nonetheless, system administrators are advised to review and apply today's patches to avoid future
headaches in case any of these vulnerabilities get weaponized and added to attackers' arsenals.

Below are additional details about today's Microsoft Patch Tuesday and security updates released by
other tech companies:

• Microsoft's official Security Update Guide portal lists all security updates in a filterable table.
• ZDNet has published this file listing all this month's security advisories on one single page.
• Adobe's security updates are detailed here.
• SAP security updates are available here.
• Intel security updates are available here.
• VMware security updates are available here.
• Chrome 87 security updates are detailed here.
• Android security updates are available here.
