fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing

        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing

        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing

        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing

        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training

        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing

        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review

        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention

        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise

        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle

        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

I'VE BEEN BREACHED

Microsoft January 2021 Patch Tuesday Fixes 83 Flaws, 1 Zero-day

Microsoft January 2021 Patch Tuesday Fixes 83 Flaws, 1 Zero-day

Today is Microsoft’s January 2021 Patch Tuesday, and it is the first Microsoft security update release in 2021, so please be very nice to your Windows administrators today.

With the January 2021 Patch Tuesday security updates release, Microsoft has released fixes for 83 vulnerabilities, with ten classified as Critical and 73 as Important.

There is also one zero-day and one previously disclosed vulnerabilities fixed as part of the January 2021 updates.

For information about the non-security Windows updates, you can read about today’s Windows 10 KB4598229 & KB4598242 cumulative updates.

Also Read: Limiting Location Data Exposure: 8 Best Practices

Zero-day and publicly disclosed vulnerabilities fixed

Microsoft fixed both a zero-day and a publicly disclosed vulnerability as part of the January 2021 security updates.

Microsoft states that they have fixed a zero-day Microsoft Defender remote code execution vulnerability with a CVE of CVE-2021-1647.

This zero-day vulnerability is fixed in Microsoft Malware Protection Engine version 1.1.17700.4 or later, as shown below. To check the Microsoft Defender engine’s installed version, you can use the instructions in this guide.

Patched version of the Microsoft Defender Protection Engine
Patched version of the Microsoft Defender Protection Engine

Microsoft also patched a publicly disclosed Microsoft splwow64 Elevation of Privilege vulnerability tracked as CVE-2021-1648. Google Project Zero previously disclosed this vulnerability in September 2020 under CVE-2020-0986.

Micropatch released for PsExec

This month, a free patch for privilege escalation vulnerability in Sysinternals PSExec utility was released by the 0patch service.

PsExec is a free Microsoft Sysinternals tool that allows system administrators to execute programs on remote systems. While it is not bundled with Windows, it is commonly utilized by admins and enterprise software to launch programs remotely, start updates, or perform other administrative tasks.

As it is a common program to found in enterprise environments, this vulnerability could allow attackers to elevate privileges.

Microsoft has not released an official patch for this vulnerability.

Recent updates from other companies

Other vendors who released updates in January include:

  • Adobereleased numerous fixes today for Photoshop, Illustrator, Animate, and more.
  • Android’s January security updates were released last week.
  • Apple released iOS 12.5.1 on January 11th.
  • Cisco released security updates for the  Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software.
  • SAP released its January 2021 security updates.

Also Read: 10 Practical Benefits of Managed IT Services

The January 2021 Patch Tuesday Security Updates

Below is the full list of resolved vulnerabilities and released advisories in the January 2021 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.

TagCVE IDCVE TitleSeverity
.NET RepositoryCVE-2021-1725Bot Framework SDK Information Disclosure VulnerabilityImportant
ASP.NET core & .NET coreCVE-2021-1723ASP.NET Core and Visual Studio Denial of Service VulnerabilityImportant
Azure Active Directory Pod IdentityCVE-2021-1677Azure Active Directory Pod Identity Spoofing VulnerabilityImportant
Microsoft Bluetooth DriverCVE-2021-1683Windows Bluetooth Security Feature Bypass VulnerabilityImportant
Microsoft Bluetooth DriverCVE-2021-1638Windows Bluetooth Security Feature Bypass VulnerabilityImportant
Microsoft Bluetooth DriverCVE-2021-1684Windows Bluetooth Security Feature Bypass VulnerabilityImportant
Microsoft DTV-DVD Video DecoderCVE-2021-1668Microsoft DTV-DVD Video Decoder Remote Code Execution VulnerabilityCritical
Microsoft Edge (HTML-based)CVE-2021-1705Microsoft Edge (HTML-based) Memory Corruption VulnerabilityCritical
Microsoft Graphics ComponentCVE-2021-1709Windows Win32k Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2021-1696Windows Graphics Component Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2021-1665GDI+ Remote Code Execution VulnerabilityCritical
Microsoft Graphics ComponentCVE-2021-1708Windows GDI+ Information Disclosure VulnerabilityImportant
Microsoft Malware Protection EngineCVE-2021-1647Microsoft Defender Remote Code Execution VulnerabilityCritical
Microsoft OfficeCVE-2021-1713Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2021-1714Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2021-1711Microsoft Office Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2021-1715Microsoft Word Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2021-1716Microsoft Word Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2021-1712Microsoft SharePoint Elevation of Privilege VulnerabilityImportant
Microsoft Office SharePointCVE-2021-1707Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2021-1718Microsoft SharePoint Server Tampering VulnerabilityImportant
Microsoft Office SharePointCVE-2021-1717Microsoft SharePoint Spoofing VulnerabilityImportant
Microsoft Office SharePointCVE-2021-1719Microsoft SharePoint Elevation of Privilege VulnerabilityImportant
Microsoft Office SharePointCVE-2021-1641Microsoft SharePoint Spoofing VulnerabilityImportant
Microsoft RPCCVE-2021-1702Windows Remote Procedure Call Runtime Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2021-1649Active Template Library Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2021-1676Windows NT Lan Manager Datagram Receiver Driver Information Disclosure VulnerabilityImportant
Microsoft WindowsCVE-2021-1689Windows Multipoint Management Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2021-1657Windows Fax Compose Form Remote Code Execution VulnerabilityImportant
Microsoft WindowsCVE-2021-1646Windows WLAN Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2021-1650Windows Runtime C++ Template Library Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2021-1706Windows LUAFV Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2021-1699Windows (modem.sys) Information Disclosure VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2021-1644HEVC Video Extensions Remote Code Execution VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2021-1643HEVC Video Extensions Remote Code Execution VulnerabilityCritical
Microsoft Windows DNSCVE-2021-1637Windows DNS Query Information Disclosure VulnerabilityImportant
SQL ServerCVE-2021-1636Microsoft SQL Elevation of Privilege VulnerabilityImportant
Visual StudioCVE-2020-26870Visual Studio Remote Code Execution VulnerabilityImportant
Windows AppX Deployment ExtensionsCVE-2021-1642Windows AppX Deployment Extensions Elevation of Privilege VulnerabilityImportant
Windows AppX Deployment ExtensionsCVE-2021-1685Windows AppX Deployment Extensions Elevation of Privilege VulnerabilityImportant
Windows CryptoAPICVE-2021-1679Windows CryptoAPI Denial of Service VulnerabilityImportant
Windows CSC ServiceCVE-2021-1652Windows CSC Service Elevation of Privilege VulnerabilityImportant
Windows CSC ServiceCVE-2021-1654Windows CSC Service Elevation of Privilege VulnerabilityImportant
Windows CSC ServiceCVE-2021-1659Windows CSC Service Elevation of Privilege VulnerabilityImportant
Windows CSC ServiceCVE-2021-1653Windows CSC Service Elevation of Privilege VulnerabilityImportant
Windows CSC ServiceCVE-2021-1655Windows CSC Service Elevation of Privilege VulnerabilityImportant
Windows CSC ServiceCVE-2021-1693Windows CSC Service Elevation of Privilege VulnerabilityImportant
Windows CSC ServiceCVE-2021-1688Windows CSC Service Elevation of Privilege VulnerabilityImportant
Windows Diagnostic HubCVE-2021-1680Diagnostics Hub Standard Collector Elevation of Privilege VulnerabilityImportant
Windows Diagnostic HubCVE-2021-1651Diagnostics Hub Standard Collector Elevation of Privilege VulnerabilityImportant
Windows DP APICVE-2021-1645Windows Docker Information Disclosure VulnerabilityImportant
Windows Event Logging ServiceCVE-2021-1703Windows Event Logging Service Elevation of Privilege VulnerabilityImportant
Windows Event TracingCVE-2021-1662Windows Event Tracing Elevation of Privilege VulnerabilityImportant
Windows Hyper-VCVE-2021-1691Hyper-V Denial of Service VulnerabilityImportant
Windows Hyper-VCVE-2021-1704Windows Hyper-V Elevation of Privilege VulnerabilityImportant
Windows Hyper-VCVE-2021-1692Hyper-V Denial of Service VulnerabilityImportant
Windows InstallerCVE-2021-1661Windows Installer Elevation of Privilege VulnerabilityImportant
Windows InstallerCVE-2021-1697Windows InstallService Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2021-1682Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows MediaCVE-2021-1710Microsoft Windows Media Foundation Remote Code Execution VulnerabilityImportant
Windows NTLMCVE-2021-1678NTLM Security Feature Bypass VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2021-1695Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Projected File System Filter DriverCVE-2021-1663Windows Projected File System FS Filter Driver Information Disclosure VulnerabilityImportant
Windows Projected File System Filter DriverCVE-2021-1672Windows Projected File System FS Filter Driver Information Disclosure VulnerabilityImportant
Windows Projected File System Filter DriverCVE-2021-1670Windows Projected File System FS Filter Driver Information Disclosure VulnerabilityImportant
Windows Remote DesktopCVE-2021-1674Windows Remote Desktop Protocol Core Security Feature Bypass VulnerabilityImportant
Windows Remote DesktopCVE-2021-1669Windows Remote Desktop Security Feature Bypass VulnerabilityImportant
Windows Remote Procedure Call RuntimeCVE-2021-1701Remote Procedure Call Runtime Remote Code Execution VulnerabilityImportant
Windows Remote Procedure Call RuntimeCVE-2021-1700Remote Procedure Call Runtime Remote Code Execution VulnerabilityImportant
Windows Remote Procedure Call RuntimeCVE-2021-1666Remote Procedure Call Runtime Remote Code Execution VulnerabilityCritical
Windows Remote Procedure Call RuntimeCVE-2021-1664Remote Procedure Call Runtime Remote Code Execution VulnerabilityImportant
Windows Remote Procedure Call RuntimeCVE-2021-1671Remote Procedure Call Runtime Remote Code Execution VulnerabilityImportant
Windows Remote Procedure Call RuntimeCVE-2021-1673Remote Procedure Call Runtime Remote Code Execution VulnerabilityCritical
Windows Remote Procedure Call RuntimeCVE-2021-1658Remote Procedure Call Runtime Remote Code Execution VulnerabilityCritical
Windows Remote Procedure Call RuntimeCVE-2021-1667Remote Procedure Call Runtime Remote Code Execution VulnerabilityCritical
Windows Remote Procedure Call RuntimeCVE-2021-1660Remote Procedure Call Runtime Remote Code Execution VulnerabilityCritical
Windows splwow64CVE-2021-1648Microsoft splwow64 Elevation of Privilege VulnerabilityImportant
Windows TPM Device DriverCVE-2021-1656TPM Device Driver Information Disclosure VulnerabilityImportant
Windows Update StackCVE-2021-1694Windows Update Stack Elevation of Privilege VulnerabilityImportant
Windows WalletServiceCVE-2021-1686Windows WalletService Elevation of Privilege VulnerabilityImportant
Windows WalletServiceCVE-2021-1681Windows WalletService Elevation of Privilege VulnerabilityImportant
Windows WalletServiceCVE-2021-1690Windows WalletService Elevation of Privilege VulnerabilityImportant
Windows WalletServiceCVE-2021-1687Windows WalletService Elevation of Privilege VulnerabilityImportant

0 Comments

Let us help you out.

Grab your free consultation NOW!

Privacy Ninja

Data Protection​

Cybersecurity

Support

Company

Locations

Singapore

7 Temasek Boulevard
#12-07, Suntec Tower One
Singapore 038987

Thailand

The Royal Place 1
2, 2/399 Mahatlek Luang 1 Alley, Lumphini, Pathum Wan, Bangkok 10330, Thailand



email-icon
Facebook Twitter Linkedin Youtube

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
TALK TO US
×

Hello!

Click one of our contacts below to chat on WhatsApp

Social Chat is free, download and try it now here!

× Chat with us