Friday, January 22, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Privacy

Microsoft Issues Patches for Defender Zero-Day and 82 Other Windows Flaws

January 14, 2021
in Internet Privacy
Microsoft Issues Patches for Defender Zero-Day and 82 Other Windows Flaws
585
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

For the first patch Tuesday of 2021, Microsoft released security updates addressing a total of 83 flaws spanning as many as 11 products and services, including an actively exploited zero-day vulnerability.

The latest security patches cover Microsoft Windows, Edge browser, ChakraCore, Office and Microsoft Office Services, and Web Apps, Visual Studio, Microsoft Malware Protection Engine, .NET Core, ASP .NET, and Azure. Of these 83 bugs, 10 are listed as Critical, and 73 are listed as Important in severity.

You might also like

Missing Link in a ‘Zero Trust’ Security Model—The Device You’re Connecting With!

Importance of Application Security and Customer Data Protection to a Startup

Hackers Accidentally Expose Passwords Stolen From Businesses On the Internet

The most severe of the issues is a remote code execution (RCE) flaw in Microsoft Defender (CVE-2021-1647) that could allow attackers to infect targeted systems with arbitrary code.

Microsoft Malware Protection Engine (mpengine.dll) provides the scanning, detection, and cleaning capabilities for Microsoft Defender antivirus and antispyware software. The last version of the software affected by the flaw is 1.1.17600.5, before it was addressed in version 1.1.17700.4.

The bug is also known to have been actively exploited in the wild, although details are scarce on how widespread the attacks are or how this is being exploited. It’s also a zero-click flaw in that the vulnerable system can be exploited without any interaction from the user.

Microsoft said that despite active exploitation, the technique is not functional in all situations and that the exploit is still considered to be at a proof-of-concept level, with substantial modifications required for it to work effectively.

What’s more, the flaw may already be resolved as part of automatic updates to the Malware Protection Engine — which it typically releases once a month or as when required to safeguard against newly discovered threats — unless the systems are not connected to the Internet.

“For organizations that are configured for automatic updating, no actions should be required, but one of the first actions a threat actor or malware will try to attempt is to disrupt threat protection on a system so definition and engine updates are blocked,” said Chris Goettl, senior director of product management and security at Ivanti.

Tuesday’s patch also rectifies a privilege escalation flaw (CVE-2021-1648) introduced by a previous patch in the GDI Print / Print Spooler API (“splwow64.exe”) that was disclosed by Google Project Zero last month after Microsoft failed to rectify it within 90 days of responsible disclosure on September 24.

Other vulnerabilities fixed by Microsoft include a memory corruption flaws in Microsoft Edge browser (CVE-2021-1705), a Windows Remote Desktop Protocol Core Security feature bypass flaw (CVE-2021-1674, CVSS score 8.8), and five critical RCE flaws in Remote Procedure Call Runtime.

To install the latest security updates, Windows users can head to Start > Settings > Update & Security > Windows Update, or by selecting Check for Windows updates.


Credit: The Hacker News By: noreply@blogger.com (Ravie Lakshmanan)

Previous Post

Everledger and Rare Carat continue partnership for blockchain diamond provenance

Next Post

WhatsApp says: No, we can't see your private messages - and neither can Facebook

Related Posts

Missing Link in a ‘Zero Trust’ Security Model—The Device You’re Connecting With!
Internet Privacy

Missing Link in a ‘Zero Trust’ Security Model—The Device You’re Connecting With!

January 22, 2021
Importance of Application Security and Customer Data Protection to a Startup
Internet Privacy

Importance of Application Security and Customer Data Protection to a Startup

January 22, 2021
Hackers Accidentally Expose Passwords Stolen From Businesses On the Internet
Internet Privacy

Hackers Accidentally Expose Passwords Stolen From Businesses On the Internet

January 22, 2021
MrbMiner Crypto-Mining Malware Links to Iranian Software Company
Internet Privacy

MrbMiner Crypto-Mining Malware Links to Iranian Software Company

January 22, 2021
Here’s How SolarWinds Hackers Stayed Undetected for Long Enough
Internet Privacy

Here’s How SolarWinds Hackers Stayed Undetected for Long Enough

January 21, 2021
Next Post
WhatsApp says: No, we can’t see your private messages – and neither can Facebook

WhatsApp says: No, we can't see your private messages - and neither can Facebook

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Ransomware victims aren’t reporting attacks to police. That’s causing a big problem
Internet Security

Hackers publish thousands of files after government agency refuses to pay ransom

January 22, 2021
Missing Link in a ‘Zero Trust’ Security Model—The Device You’re Connecting With!
Internet Privacy

Missing Link in a ‘Zero Trust’ Security Model—The Device You’re Connecting With!

January 22, 2021
Remote Learning Boosting Adoption of Innovative Technologies for Education 
Artificial Intelligence

Remote Learning Boosting Adoption of Innovative Technologies for Education 

January 22, 2021
Machine Learning & Big Data Analytics Education Market 2026| Querium • Knewton • Third Space Learning • Blackboard • Fishtree • Cognizant
Machine Learning

Machine Learning & Big Data Analytics Education Market 2026| Querium • Knewton • Third Space Learning • Blackboard • Fishtree • Cognizant

January 22, 2021
Windows RDP servers are being abused to amplify DDoS attacks
Internet Security

Windows RDP servers are being abused to amplify DDoS attacks

January 22, 2021
With New Healthcare Tech Relying on Data Sharing, Trust is Required 
Artificial Intelligence

With New Healthcare Tech Relying on Data Sharing, Trust is Required 

January 22, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Hackers publish thousands of files after government agency refuses to pay ransom January 22, 2021
  • Missing Link in a ‘Zero Trust’ Security Model—The Device You’re Connecting With! January 22, 2021
  • Remote Learning Boosting Adoption of Innovative Technologies for Education  January 22, 2021
  • Machine Learning & Big Data Analytics Education Market 2026| Querium • Knewton • Third Space Learning • Blackboard • Fishtree • Cognizant January 22, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates