
Microsoft Patch Tuesday, January 2021—Krebs on Security



Microsoft today released updates to fix more than 80 security vulnerabilities in its Windows operating systems and other software, including one that is being actively exploited and another that was disclosed before today. Ten of these vulnerabilities received Microsoft’s highest “critical” rating, which means that malware or attackers could exploit them to take remote control of unpatched systems with little interaction from Windows users.

Perhaps the most worrying issue in this month’s batch is a critical bug (CVE-2021-1647) in Microsoft’s default anti-malware suite, Windows Defender, that is seeing active exploitation. Microsoft recently stopped providing much detail in its vulnerability bulletins, so it is not clear how this vulnerability is being exploited.

But Kevin Breen, research director at Immersive Labs, said that depending on the medium, the vulnerability may be difficult to exploit.

“It’s as simple as sending a file,” he said. “The user doesn’t need to interact with anything because Defender will access it immediately after it is placed on the system.”

Fortunately, this vulnerability may already have been patched by Microsoft on end users’ systems, because the company continually updates Defender outside of the normal monthly patching cycle.

Breen also called attention this month to another serious vulnerability: CVE-2020-1660, a remote code execution vulnerability in almost all Windows versions, with a CVSS score of 8.8 (10 is the most dangerous).

“They classify this vulnerability as ‘low’ complexity, which means that the attack is easy to reproduce,” Breen said. “However, they also pointed out that it is unlikely to be exploited, which seems counterintuitive. Without the full context of this vulnerability, we must rely on Microsoft to make decisions for us.”

CVE-2020-1660 is actually just one of five bugs in a core Microsoft service called Remote Procedure Call (RPC), which does a lot of heavy lifting in Windows. In the past decade, some of the more memorable computer worms have spread automatically by exploiting RPC vulnerabilities.

Allan Liska, senior security architect at Recorded Future, said that although it is concerning that so many vulnerabilities in the same component were released at the same time, two previous RPC vulnerabilities, CVE-2019-1409 and CVE-2018-8514, have not been widely exploited.

The remaining 70-plus bugs fixed this month received Microsoft’s lesser “important” rating, which is not to say that they are much less of a security concern. Case in point: CVE-2021-1709, an “elevation of privilege” vulnerability in Windows 8 to 10 and Windows Server 2008 to 2019.

“Unfortunately, this type of vulnerability is usually quickly exploited by attackers,” Liska said. “For example, CVE-2019-1458 was announced on December 10, 2019, and by December 19 an attacker was discovered selling the vulnerability in the underground market. Therefore, although CVE-2021-1709 was only rated [an information exposure flaw] by Microsoft, priority should be given to patching it.”

Trend Micro’s Zero Day Initiative (ZDI) pointed out another vulnerability marked as “important”: CVE-2021-1648, an elevation of privilege vulnerability in Windows 8, 10 and certain versions of Windows Server 2012 and 2019. ZDI disclosed the vulnerability before today.

“It was also discovered by Google, probably because the patch corrected errors introduced by the previous patch,” ZDI’s Dustin Childs said. “The previous CVE was used in the wild, so there is reason to think that this CVE will also be actively used.”

In addition, Adobe has released security updates to address at least eight vulnerabilities in a series of products, including Adobe Photoshop and Illustrator. No Flash Player update was made because Adobe deactivated the browser plug-in in December (hallelujah!), and Microsoft removed the program from its browsers in the update cycle that started last month.

Windows 10 users should be aware that the operating system will download and install all updates at once on its own schedule, closing active programs and restarting the system. If you want to ensure that Windows is set to pause updates so that you have ample opportunity to back up your files and/or system, please refer to this guide.

Please back up your system before applying these updates. Windows 10 even has some built-in tools to help you do this, whether on a per-file/folder basis or by making a complete and bootable copy of the hard drive all at once. You never know when a patch roll-up will crash your system or possibly damage important files. For those looking for more flexible and full-featured backup options (including incremental backups), Acronis and Macrium are two that I have used before and are worth checking out.

That said, this month’s update batch does not seem to have any major problems. But before you apply the updates, please consider visiting AskWoody.com, which usually has the skinny on any reports of problematic patches.

As always, if you encounter a glitch or issue while installing these patches this month, please consider leaving a comment below. There is an excellent chance that other readers have had the same experience and may chime in with some useful hints.

Tags: Allan Liska, AskWoody.com, CVE-2018-8514, CVE-2019-1409, CVE-2019-1458, CVE-2020-1660, CVE-2021-1647, CVE-2021-1648, CVE-2021-1709, Dustin Childs, Immersive Labs, Kevin Breen, Recorded Future, Trend Micro’s Zero Day Initiative, Windows Defender

This entry was posted on Tuesday, January 12, 2021, at 8:32 PM, under “Patch Release Time”.

