On Tuesday, January 12th, Microsoft released the first scheduled security updates for its products this year. The January patches fix a total of 83 vulnerabilities in Windows OS, cloud products, developer tools and corporate servers.

Of all the vulnerabilities patched, the most serious is the zero-day vulnerability in Microsoft Defender. CVE-2021-1647 is a remote code execution vulnerability that could allow an attacker to execute code on a system with a vulnerable Microsoft Defender, forcing a victim to open a malicious document. In order to prevent possible attacks, Microsoft has released patches for the Microsoft Malware Protection Engine.

The January patches also fix an out of bounds read vulnerability in Windows disclosed by the Trend Micro Zero-Day Initiative last month. CVE-2021-1648 allows a local attacker to disclose sensitive information.

Source: securitylab.ru