Microsoft has rolled out its January 2021 Patch Tuesday security updates, fixing 83 vulnerabilities, including one actively exploited zero-day, across its product line: the Windows operating system, the Edge browser, Microsoft Office and Office services, and developer tools. Of the 83, 10 are rated Critical and 73 Important.
Among them is the patch for the actively exploited zero-day CVE-2021-1647, which Microsoft lists as exploited in the wild. The flaw is in Microsoft Defender, specifically in the Microsoft Malware Protection Engine.
Windows Defender remote code execution vulnerability | CVE-2021-1647
This zero-day affects Windows systems running the Microsoft Malware Protection Engine (mpengine.dll), the scanning engine behind Microsoft Defender. Its CVSS 3.1 base score is 7.8 (High), and Microsoft rates the severity Critical. Because the engine scans files as they arrive, an attacker only has to get a crafted file onto an unpatched system, for example as an e-mail attachment or a download; no user interaction with the file is needed for the engine to parse it and trigger the bug, which leads to remote code execution. Microsoft lists the vulnerability as exploited in the wild, which makes a successful attack against an unpatched system all the more likely.
- On successful exploitation, the attacker's code runs in the security context of the LocalSystem account, the highest local privilege, so the host is fully compromised: the attacker can view, modify and delete local data, create new users and change existing users' rights.
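A quick way to verify the fix on a host, as an added example that is not taken from the page or from Microsoft: the script below reads the engine version Microsoft Defender reports and compares it with 1.1.17700.4, the first engine version Microsoft's advisory for CVE-2021-1647 lists as fixed. It assumes Microsoft Defender Antivirus is the installed product (the Defender cmdlets are present) and that it runs from an elevated PowerShell prompt.

```powershell
# Added example (not from the page): check the Malware Protection Engine for the CVE-2021-1647 fix.
# The engine ships inside definition updates, not the monthly cumulative update, so a KB check
# says nothing about it; the engine version itself is the thing to verify.
# 1.1.17700.4 is the first fixed engine version per Microsoft's advisory for CVE-2021-1647.
$FixedEngine = [version]'1.1.17700.4'

function Get-EngineVersion {
    # AMEngineVersion is a dotted string such as "1.1.17700.4"; [version] makes it comparable.
    [version](Get-MpComputerStatus).AMEngineVersion
}

$engine = Get-EngineVersion
if ($engine -ge $FixedEngine) {
    "Engine $engine is at or above $FixedEngine: CVE-2021-1647 fix present"
}
else {
    Write-Warning "Engine $engine is older than $FixedEngine: pulling a definition update"
    Update-MpSignature            # fetches the latest definitions, which carry the engine
    $engine = Get-EngineVersion
    if ($engine -ge $FixedEngine) {
        "Engine now $engine: CVE-2021-1647 fix present"
    }
    else {
        Write-Warning "Engine still $engine: check the update source (WSUS or Microsoft Update) and the Defender update policy on this host"
    }
}
```

Because the engine is updated through the definition channel, a host can be fully current on cumulative updates and still run a vulnerable engine; run this check across a fleet with Invoke-Command rather than relying on the KB inventory.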
Microsoft splwow64 elevation of privilege vulnerability | CVE-2021-1648
This publicly disclosed elevation-of-privilege vulnerability is in splwow64.exe, the Windows print-driver host that lets 32-bit applications print through 64-bit printer drivers. It is a regression from the previous splwow64 fix (CVE-2020-0986): that patch changed the function responsible for validating the input string and introduced an out-of-bounds read, so the flaw can also be used to disclose memory contents.
- On successful exploitation, a local attacker gains elevated privileges on the host. On a Windows Server, that foothold can be used to extend the attacker's reach into the rest of the network.
Azure Active Directory pod identity spoofing vulnerability | CVE-2021-1677
An identity spoofing vulnerability exists in Azure Active Directory Pod Identity, the component that assigns Azure AD identities to pods in Kubernetes clusters. A pod obtains a token for its identity by calling the Azure Instance Metadata Service (IMDS) endpoint; Pod Identity's node component intercepts those requests and answers on the pod's behalf, deciding which identity the pod may use. The vulnerability arises at that step: a malicious actor on the cluster can obtain tokens for identities that were assigned to other pods.
- On successful exploitation, the attacker can steal the identities associated with other pods and act as them against Azure resources.
- Microsoft recommends redeploying affected clusters with the Azure CNI network plugin instead of kubenet.
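To find clusters that need the redeployment, here is an added example (not from the page or from the AAD Pod Identity project) that flags an AKS cluster running AAD Pod Identity on the kubenet network plugin. It assumes an authenticated Azure CLI (az) and a kubectl context already pointing at the cluster; $ResourceGroup and $ClusterName are caller-supplied placeholders.

```powershell
# Added example (not from the page): flag AAD Pod Identity on kubenet, the combination the
# CVE-2021-1677 guidance says to replace with Azure CNI.
param(
    [Parameter(Mandatory)] [string] $ResourceGroup,   # assumed: caller-supplied
    [Parameter(Mandatory)] [string] $ClusterName      # assumed: caller-supplied
)

# networkPlugin is 'azure' (Azure CNI) or 'kubenet'
$plugin = az aks show --resource-group $ResourceGroup --name $ClusterName `
    --query 'networkProfile.networkPlugin' --output tsv

# Every AAD Pod Identity install registers the AzureIdentity CRD, whatever namespace or
# release name it was deployed under, so the CRD is a deployment-independent indicator.
$crd = kubectl get crd azureidentities.aadpodidentity.k8s.io --ignore-not-found --output name
$podIdentity = -not [string]::IsNullOrWhiteSpace(($crd -join ''))

'{0}: networkPlugin={1}, aad-pod-identity={2}' -f $ClusterName, $plugin, $podIdentity

if ($podIdentity -and $plugin -eq 'kubenet') {
    # Pod Identity resolves which identity a request may use from the requesting pod's IP;
    # on kubenet a pod that spoofs another pod's address can be answered with that pod's token.
    Write-Warning "AAD Pod Identity on kubenet: pods can obtain tokens for identities assigned to other pods. Redeploy on Azure CNI."
    # The bindings show which identities are reachable on this cluster and therefore at risk.
    kubectl get azureidentitybindings.aadpodidentity.k8s.io --all-namespaces
}
```

Run it once per cluster; clusters that report azure as the plugin are not affected by the kubenet weakness regardless of whether Pod Identity is installed.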
Microsoft SQL elevation of privilege vulnerability | CVE-2021-1636
An elevation-of-privilege vulnerability exists in Microsoft SQL Server when Extended Events is in use. Extended Events is the tracing framework used to monitor and troubleshoot SQL Server. The flaw is triggered when an authenticated attacker sends a specially crafted query to an affected server while an Extended Events session is running.
- On successful exploitation, an authenticated, low-privileged attacker gains elevated privileges on the SQL Server host. The fix is build-specific: each affected SQL Server version (and its GDR or CU servicing branch) has its own update package, so the correct one must be applied per instance.
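Two things an administrator wants before patching an instance are its exact build, to pick the right per-version package, and which logins could create an Extended Events session in the meantime. The script below is an added example, not from the page or from Microsoft; it uses the built-in System.Data.SqlClient provider with Windows-integrated authentication, and $Instance is an assumed placeholder. Creating a server-scoped Extended Events session requires the ALTER ANY EVENT SESSION server permission; sysadmin members and CONTROL SERVER holders have it implicitly and do not appear in the explicit-grant list.

```powershell
# Added example (not from the page): inventory the CVE-2021-1636 exposure of one SQL Server instance.
# Prints the build (to choose the per-version update) and every server principal with an explicit
# ALTER ANY EVENT SESSION grant, the permission needed to create an Extended Events session.
param([string] $Instance = 'localhost')   # assumed: instance name supplied by the caller

Add-Type -AssemblyName System.Data
$conn = New-Object System.Data.SqlClient.SqlConnection(
    "Server=$Instance;Integrated Security=SSPI;Encrypt=True;TrustServerCertificate=True")

$query = @"
SELECT SERVERPROPERTY('ProductVersion') AS build,
       SERVERPROPERTY('ProductLevel')   AS level,
       SERVERPROPERTY('Edition')        AS edition;

SELECT pr.name, pr.type_desc, pe.state_desc
FROM sys.server_permissions AS pe
JOIN sys.server_principals AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pe.permission_name = N'ALTER ANY EVENT SESSION'
  AND pr.name NOT LIKE N'##%';   -- skip the built-in ## certificate logins
"@

$conn.Open()
try {
    $cmd = $conn.CreateCommand()
    $cmd.CommandText = $query
    $adapter = New-Object System.Data.SqlClient.SqlDataAdapter($cmd)
    $ds = New-Object System.Data.DataSet
    [void]$adapter.Fill($ds)          # two result sets -> $ds.Tables[0] and $ds.Tables[1]

    "Instance $Instance"
    $ds.Tables[0] | Format-Table -AutoSize

    if ($ds.Tables[1].Rows.Count -eq 0) {
        'No login holds an explicit ALTER ANY EVENT SESSION grant'
    }
    else {
        'Logins that can create Extended Events sessions (review, or revoke until the instance is patched):'
        $ds.Tables[1] | Format-Table -AutoSize
    }
}
finally {
    $conn.Close()
}
```

Map the printed build to the matching GDR or CU package for that version; a DENY row in state_desc is not an exposure, only GRANT rows are.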
Microsoft security bulletin summary for January 2021
- Microsoft Windows
- Microsoft Edge (EdgeHTML-based)
- Microsoft Office and Microsoft Office Services and Web Apps
- Microsoft Windows Codecs Library
- Visual Studio
- SQL Server
- Microsoft Malware Protection Engine
- .NET Core
- .NET Repository
- ASP .NET
Product: Microsoft Windows
CVEs/Advisory: CVE-2021-1637, CVE-2021-1638, CVE-2021-1642, CVE-2021-1645, CVE-2021-1646, CVE-2021-1648, CVE-2021-1649, CVE-2021-1650, CVE-2021-1651, CVE-2021-1652, CVE-2021-1653, CVE-2021-1654, CVE-2021-1655, CVE-2021-1656, CVE-2021-1657, CVE-2021-1658, CVE-2021-1659, CVE-2021-1660, CVE-2021-1661, CVE-2021-1662, CVE-2021-1663, CVE-2021-1664, CVE-2021-1665, CVE-2021-1666, CVE-2021-1667, CVE-2021-1668, CVE-2021-1669, CVE-2021-1670, CVE-2021-1671, CVE-2021-1672, CVE-2021-1673, CVE-2021-1674, CVE-2021-1676, CVE-2021-1678, CVE-2021-1679, CVE-2021-1680, CVE-2021-1681, CVE-2021-1682, CVE-2021-1683, CVE-2021-1684, CVE-2021-1685, CVE-2021-1686, CVE-2021-1687, CVE-2021-1688, CVE-2021-1689, CVE-2021-1690, CVE-2021-1691, CVE-2021-1692, CVE-2021-1693, CVE-2021-1694, CVE-2021-1695, CVE-2021-1696, CVE-2021-1697, CVE-2021-1699, CVE-2021-1700, CVE-2021-1701, CVE-2021-1702, CVE-2021-1703, CVE-2021-1704, CVE-2021-1706, CVE-2021-1708, CVE-2021-1709, CVE-2021-1710
Impact: Elevation of Privilege, Remote Code Execution, Information Disclosure, Denial of Service, Security Feature Bypass, Spoofing
KBs: 4598229, 4598230, 4598231, 4598242, 4598243, 4598245, 4598275, 4598278, 4598285, 4598297
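To check a host against the Windows KB list above, here is an added example (not from the page or from Microsoft) that looks for any of those KBs in the installed-update inventory and prints the OS build. Only the KB for the host's own OS version can ever match; the rest of the list is for other builds.

```powershell
# Added example (not from the page): report whether one of the January 2021 Windows updates
# listed in the summary is installed on this host.
$JanuaryWindowsKBs = @(
    'KB4598229', 'KB4598230', 'KB4598231', 'KB4598242', 'KB4598243',
    'KB4598245', 'KB4598275', 'KB4598278', 'KB4598285', 'KB4598297'
)

function Get-OsBuild {
    # CurrentBuild.UBR is the full build number a cumulative update advances, e.g. 19042.746
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    '{0}.{1}' -f $cv.CurrentBuild, $cv.UBR
}

# Get-HotFix reads Win32_QuickFixEngineering, which lists updates installed through servicing.
$installed = Get-HotFix | Where-Object { $JanuaryWindowsKBs -contains $_.HotFixID }

'Host {0}, OS build {1}' -f $env:COMPUTERNAME, (Get-OsBuild)
if ($installed) {
    $installed | Select-Object HotFixID, Description, InstalledOn | Format-Table -AutoSize
}
else {
    # Cumulative updates supersede each other: a host that went straight to a later month's
    # update also shows no January KB here, so the build number is the authoritative check.
    Write-Warning 'No January 2021 Windows KB found; compare the OS build above with the build Microsoft lists for the January update before treating this host as unpatched.'
}
```

The KB match is a convenience; the build number printed first is what to compare when a host has already moved on to a later cumulative update.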
Product: Microsoft Office and Microsoft Office Services and Web Apps
CVEs/Advisory: CVE-2021-1641, CVE-2021-1707, CVE-2021-1711, CVE-2021-1712, CVE-2021-1713, CVE-2021-1714, CVE-2021-1715, CVE-2021-1716, CVE-2021-1717, CVE-2021-1718, CVE-2021-1719
Impact: Elevation of Privilege, Remote Code Execution, Spoofing, Tampering
KBs: 4486683, 4486724, 4486736, 4486755, 4486759, 4486762, 4486764, 4493142, 4493143, 4493145, 4493156, 4493160, 4493161, 4493162, 4493163, 4493165, 4493167, 4493168, 4493171, 4493175, 4493176, 4493178, 4493181, 4493183, 4493186, 4493187
Product: Developer Tools (Visual Studio, .NET Core, .NET Framework, SDK (Python, JS, .NET Framework))
CVEs/Advisory: CVE-2020-26870, CVE-2021-1651, CVE-2021-1680, CVE-2021-1723, CVE-2021-1725
Impact: Elevation of Privilege, Remote Code Execution, Information Disclosure, Denial of Service
Product: Microsoft Malware Protection Engine
CVEs/Advisory: CVE-2021-1647
Impact: Remote Code Execution