Patch Tuesday: Microsoft Security Bulletin Summary for January 2021

Microsoft has rolled out its January security updates on this month's Patch Tuesday, fixing 83 vulnerabilities, including one zero-day, across its product line. The patches cover the Windows operating system, the Edge browser, Microsoft Office and its services, and developer tools. Of these, 10 are rated Critical and 73 Important in severity.

Microsoft has released a patch for the actively exploited zero-day vulnerability CVE-2021-1647. This publicly acknowledged zero-day exists in Windows Defender.


Zero-day vulnerability

Windows Defender remote code execution vulnerability | CVE-2021-1647

This zero-day in Windows Defender affects Microsoft Windows systems running the Microsoft Malware Protection Engine. Under the Common Vulnerability Scoring System (CVSS), this actively exploited vulnerability has a high (critical) impact when exploited against unpatched systems. Users can be tricked into opening a malicious document sent by attackers targeting unpatched systems, which leads to remote code execution. The exploit is already publicly disclosed and has a proof of concept, which makes a successful attack against an unpatched system even more likely.

  • On successful exploitation, the malicious actor can acquire admin-level privileges, leading to full system compromise, including viewing, modifying and deleting local data. When exploited against an administrator account, the attacker can create new users and modify the privileges of existing users.

Interesting vulnerabilities

Microsoft splwow64 elevation of privilege vulnerability | CVE-2021-1648

This publicly disclosed elevation of privilege vulnerability exists in splwow64, a core Windows service used by printers connected to the system to provide printing services. The vulnerability was introduced by a bug in a previous patch: that patch added a flaw to the function responsible for checking input strings, which causes the function to read out of bounds. This vulnerability can also be exploited to disclose information.

  • On successful exploitation, the malicious actor can acquire admin-level privileges, leading to full system compromise. If exploited against a Windows Server distribution, the threat actor can extend their footprint across the network hierarchy.

Azure Active Directory pod identity spoofing vulnerability | CVE-2021-1677

An identity spoofing vulnerability exists in Azure Active Directory Pod Identity, which lets users assign identities to pods in Kubernetes clusters. Users also fetch the identities from the pods by requesting the Azure Instance Metadata Service (AIMS), and the pods themselves can access the AIMS endpoint to obtain an identity token. The vulnerability arises at this stage, where a malicious actor can access the identities associated with the pods.

  • On successful exploitation, the attacker can steal the identities associated with each pod.
  • Users are advised to re-deploy their cluster using Azure CNI instead of Kubernetes.

Microsoft SQL elevation of privilege vulnerability | CVE-2021-1636

An elevation of privilege vulnerability exists in Microsoft SQL Server with Extended Events enabled. Users rely on Extended Events to monitor and troubleshoot problems in SQL Server, and often instruct Extended Events to perform the required modifications on the data. The exploit is triggered when an authenticated attacker sends arbitrary code to the affected SQL Server while an Extended Events session is running.

  • On successful exploitation, an authenticated low-privilege attacker can acquire admin-level privileges, leading to full system compromise. Note that each affected server version requires a different patch.

Microsoft security bulletin summary for January 2021

  • Microsoft Windows
  • Microsoft Edge (EdgeHTML-based)
  • Microsoft Office and Microsoft Office Services and Web Apps
  • Microsoft Windows Codecs Library
  • Visual Studio
  • SQL Server
  • Microsoft Malware Protection Engine
  • .NET Core
  • .NET Repository
  • ASP .NET
  • Azure

Product: Microsoft Windows
CVEs/Advisory: CVE-2021-1637, CVE-2021-1638, CVE-2021-1642, CVE-2021-1645, CVE-2021-1646, CVE-2021-1648, CVE-2021-1649, CVE-2021-1650, CVE-2021-1651, CVE-2021-1652, CVE-2021-1653, CVE-2021-1654, CVE-2021-1655, CVE-2021-1656, CVE-2021-1657, CVE-2021-1658, CVE-2021-1659, CVE-2021-1660, CVE-2021-1661, CVE-2021-1662, CVE-2021-1663, CVE-2021-1664, CVE-2021-1665, CVE-2021-1666, CVE-2021-1667, CVE-2021-1668, CVE-2021-1669, CVE-2021-1670, CVE-2021-1671, CVE-2021-1672, CVE-2021-1673, CVE-2021-1674, CVE-2021-1676, CVE-2021-1678, CVE-2021-1679, CVE-2021-1680, CVE-2021-1681, CVE-2021-1682, CVE-2021-1683, CVE-2021-1684, CVE-2021-1685, CVE-2021-1686, CVE-2021-1687, CVE-2021-1688, CVE-2021-1689, CVE-2021-1690, CVE-2021-1691, CVE-2021-1692, CVE-2021-1693, CVE-2021-1694, CVE-2021-1695, CVE-2021-1696, CVE-2021-1697, CVE-2021-1699, CVE-2021-1700, CVE-2021-1701, CVE-2021-1702, CVE-2021-1703, CVE-2021-1704, CVE-2021-1706, CVE-2021-1708, CVE-2021-1709, CVE-2021-1710
Impact: Elevation of Privilege, Remote Code Execution, Information Disclosure, Denial of Service, Security Feature Bypass, Spoofing
Severity: Critical
KBs: 4598229, 4598230, 4598231, 4598242, 4598243, 4598245, 4598275, 4598278, 4598285, 4598297


Product: Microsoft Edge (EdgeHTML-based)
CVEs/Advisory: CVE-2021-1705
Impact: Remote Code Execution
Severity: Critical
KBs: 4598229, 4598230, 4598231, 4598242, 4598243, 4598245


Product: Microsoft Office and Microsoft Office Services and Web Apps
CVEs/Advisory: CVE-2021-1641, CVE-2021-1707, CVE-2021-1711, CVE-2021-1712, CVE-2021-1713, CVE-2021-1714, CVE-2021-1715, CVE-2021-1716, CVE-2021-1717, CVE-2021-1718, CVE-2021-1719
Impact: Elevation of Privilege, Remote Code Execution, Spoofing, Tampering
Severity: Important
KBs: 4486683, 4486724, 4486736, 4486755, 4486759, 4486762, 4486764, 4493142, 4493143, 4493145, 4493156, 4493160, 4493161, 4493162, 4493163, 4493165, 4493167, 4493168, 4493171, 4493175, 4493176, 4493178, 4493181, 4493183, 4493186, 4493187


Product: Microsoft Windows Codecs Library
CVEs/Advisory: CVE-2021-1643, CVE-2021-1644
Impact: Remote Code Execution
Severity: Critical


Product: Developer Tools (Visual Studio, .NET Core, .NET Framework, SDK (Python, JS, .NET Framework))
CVEs/Advisory: CVE-2020-26870, CVE-2021-1651, CVE-2021-1680, CVE-2021-1723, CVE-2021-1725
Impact: Elevation of Privilege, Remote Code Execution, Information Disclosure, Denial of Service
Severity: Important
KBs: 4584787


Product: SQL Server
CVEs/Advisory: CVE-2021-1636
Impact: Elevation of Privilege
Severity: Important
KBs: 4583456, 4583457, 4583458, 4583459, 4583460, 4583461, 4583462, 4583463, 4583465


Product: Azure
CVEs/Advisory: CVE-2021-1677
Impact: Spoofing
Severity: Important


Product: Microsoft Malware Protection Engine
CVEs/Advisory: CVE-2021-1647
Impact: Remote Code Execution
Severity: Critical
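
The records above are a flat "Key: value" list; the following added example (not part of the original post or of any SecPod tooling) parses that format and checks a host's installed hotfixes against the KBs each product lists. It assumes each KB is a per-build cumulative update, so one installed KB from a product's list counts as covered, and it assumes the installed-hotfix list is a constructed sample in the form Get-HotFix reports HotFixID values.

```python
import re

# Two records copied from the bulletin above (Windows CVE list shortened);
# Azure has no KBs line because that fix is applied service-side.
BULLETIN = """\
Product: Microsoft Windows
CVEs/Advisory: CVE-2021-1648, CVE-2021-1709
Severity: Critical
KBs: 4598229, 4598230, 4598242, 4598243

Product: Azure
CVEs/Advisory: CVE-2021-1677
Severity: Important
"""

# Constructed sample of HotFixID values as Get-HotFix reports them (assumed).
INSTALLED = ["KB4577586", "KB4598242", "KB4580325"]


def _csv(value):
    return [v.strip() for v in value.split(",") if v.strip()]


def parse_bulletin(text):
    """Turn the 'Key: value' records (separated by blank lines) into dicts."""
    records = []
    for chunk in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in chunk.splitlines():
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
        records.append({
            "product": fields["Product"],
            "cves": _csv(fields.get("CVEs/Advisory", "")),
            "kbs": _csv(fields.get("KBs", "")),
        })
    return records


def patch_status(records, installed):
    """One installed KB from a product's list counts as covered (assumed: each
    KB is a per-build cumulative update); products with no KB are listed apart."""
    have = {re.sub(r"^KB", "", h.upper()) for h in installed}
    status = {"covered": [], "missing": [], "no_kb": []}
    for rec in records:
        if not rec["kbs"]:
            status["no_kb"].append(rec["product"])   # verify through another channel
        elif have.intersection(rec["kbs"]):
            status["covered"].append(rec["product"])
        else:
            status["missing"].append(rec["product"])
    return status
```

Products that appear under no_kb (here Azure) are not patched by a hotfix at all, so they need a separate check such as the cluster re-deployment the advisory recommends.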


SanerNow detects these vulnerabilities and automatically fixes them by applying security updates. Download SanerNow and keep your systems updated and secure.
