Microsoft released its January 2021 security updates on Tuesday, fixing 83 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including .NET Repository, ASP.NET core & .NET core, Azure Active Directory Pod Identity, Microsoft Bluetooth Driver, Microsoft DTV-DVD Video Decoder, Microsoft Edge (HTML-based), Microsoft Graphics Component, Microsoft Malware Protection Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft RPC, Microsoft Windows, Microsoft Windows Codecs Library, Microsoft Windows DNS, SQL Server, Visual Studio, Windows AppX Deployment Extensions, Windows CryptoAPI, Windows CSC Service, Windows Diagnostic Hub, Windows DP API, Windows Event Logging Service, Windows Event Tracing, Windows Hyper-V, Windows Installer, Windows Kernel, Windows Media, Windows NTLM, Windows Print Spooler Components, Windows Projected File System Filter Driver, Windows Remote Desktop, Windows Remote Procedure Call Runtime, Windows splwow64, Windows TPM Device Driver, Windows Update Stack, and Windows WalletService.
Description of Critical and Important Vulnerabilities
Some critical and important vulnerabilities are described as follows:
- Microsoft Defender Remote Code Execution Vulnerability (CVE-2021-1647)
This vulnerability was a zero-day that was found exploited in the wild. Its impact traces back to certain versions of Windows 2008. A remote attacker could exploit it to execute arbitrary code on the affected computer. Microsoft indicated that users are protected against this vulnerability without taking additional update measures, because the fix is delivered through the updates Microsoft releases regularly for its anti-malware products.
- Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2021-1707)
Microsoft SharePoint contains several important vulnerabilities. The most noteworthy is CVE-2021-1707, which allows an attacker who controls a logged-in user account with sufficient privileges to create SharePoint sites to remotely execute arbitrary code in the kernel.
- Windows Win32k Privilege Escalation Vulnerability (CVE-2021-1709)
The Win32k system process contains another important vulnerability (CVE-2021-1709), which requires no user interaction. An attacker with local access could exploit it to escalate privileges and then carry out further attacks with those privileges.
- Microsoft splwow64 Elevation of Privilege Vulnerability (CVE-2021-1648)
Before CVE-2021-1648 was discovered, researchers from ZDI and Google found CVE-2020-0986 and reported it to Microsoft. After the first round of remediation, researchers found that the patch introduced a new out-of-bounds read condition that can lead to privilege escalation. Both vulnerabilities are fixed in the patches released in January. As CVE-2021-1648 has been exploited in the wild, it is highly likely that CVE-2020-0986 has been exploited in the wild as well.
The following table lists the affected software details for the vulnerability.

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Bot Framework SDK for .NET Framework | Advisory Security Update | Important | Information Disclosure | | Base: 5.5 | |
| Bot Framework SDK for Python | Advisory Security Update | Important | Information Disclosure | | Base: 5.5 | |
This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.
NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks. The company’s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide multi-layered, unified and dynamic protection against advanced cyber attacks.
NSFOCUS works with Fortune Global 500 companies, including four of the world’s five largest financial institutions, organizations in insurance, retail, healthcare and critical infrastructure industries, as well as government agencies. NSFOCUS has technology and channel partners in more than 60 countries and is a member of both the Microsoft Active Protections Program (MAPP) and the Cloud Security Alliance (CSA).
A wholly owned subsidiary of NSFOCUS Technologies Group Co., Ltd., the company has operations in the Americas, Europe, the Middle East and Asia Pacific.