Microsoft January 2021 Patch Tuesday

This month we got patches for 83 vulnerabilities. Of these, 10 are critical, one was previously disclosed, and one is already being exploited according to Microsoft.

Among the critical vulnerabilities, let's start with the one already being exploited, CVE-2021-1647. It is a remote code execution (RCE) vulnerability affecting Microsoft Defender versions up to 1.1.17600. The CVSS score for this vulnerability is 7.80.

There is also an RCE in the Windows RPC Runtime (CVE-2021-1658). According to the advisory, it requires no user interaction, low privileges, and low attack complexity. This vulnerability has the highest CVSS score this month: 8.80.

And finally, the previously disclosed one is a privilege escalation vulnerability affecting splwow64 (CVE-2021-1648). This zero-day was publicly disclosed by Google Project Zero (PZ2096) and the Zero Day Initiative (ZDI-CAN-11349 through 11351). According to the ZDI advisory, the specific issue that may result in privilege escalation exists within the user-mode printer driver host process splwow64.exe, due to a lack of proper validation of user-supplied data. CVSS: 7.80.

See Renato's dashboard for a more detailed breakout: https://patchtuesdaydashboard.com
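A small triage helper, added here as an example and not part of the diary or Microsoft's tooling: it orders CVEs the way the text above prioritises them (exploited first, then publicly disclosed, then Critical, then CVSS) and checks whether a Defender engine version falls inside the affected range the diary gives for CVE-2021-1647 (up to 1.1.17600). The sample rows are copied from this month's table; the engine version threshold is taken from the text.

```python
"""Patch Tuesday triage helper (added example, not the ISC diary's own code)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    cve: str
    title: str
    disclosed: bool
    exploited: bool
    severity: str   # "Critical" or "Important", as in the diary table
    cvss: float     # CVSS base score from the table


# Constructed sample: five rows taken from the January 2021 table above.
SAMPLE = [
    Entry("CVE-2021-1647", "Microsoft Defender RCE", False, True, "Critical", 7.8),
    Entry("CVE-2021-1648", "splwow64 Elevation of Privilege", True, False, "Important", 7.8),
    Entry("CVE-2021-1658", "RPC Runtime RCE", False, False, "Critical", 8.8),
    Entry("CVE-2021-1707", "SharePoint Server RCE", False, False, "Important", 8.8),
    Entry("CVE-2021-1678", "NTLM Security Feature Bypass", False, False, "Important", 4.3),
]


def priority_key(e: Entry) -> tuple:
    """Sort key: exploited first, then disclosed, then Critical, then higher CVSS.
    Python sorts False before True, so 'not exploited' puts exploited items first."""
    return (not e.exploited, not e.disclosed, e.severity != "Critical", -e.cvss)


def rank(entries) -> list:
    """Return CVE ids in patch-first order."""
    return [e.cve for e in sorted(entries, key=priority_key)]


# Last affected engine version per the diary text ("until version 1.1.17600").
LAST_AFFECTED_DEFENDER_ENGINE = (1, 1, 17600)


def parse_version(s: str) -> tuple:
    """Turn '1.1.17600.5' into (1, 1, 17600, 5) so comparison is numeric.
    Comparing strings would rank '1.1.9999' above '1.1.17600', a classic bug."""
    return tuple(int(part) for part in s.strip().split("."))


def defender_engine_affected(version: str) -> bool:
    """True when the engine's major.minor.build is <= 1.1.17600 (assumed range)."""
    return parse_version(version)[:3] <= LAST_AFFECTED_DEFENDER_ENGINE
```

Feed `rank()` the full table and the exploited Defender bug and the disclosed splwow64 bug come out ahead of the higher-scored RPC and SharePoint RCEs, which is the order the diary argues for.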

January 2021 Security Updates

| Description | CVE | Disclosed | Exploited | Exploitability (old versions) | Exploitability (current version) | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
|---|---|---|---|---|---|---|---|---|
| ASP.NET Core and Visual Studio Denial of Service Vulnerability | CVE-2021-1723 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| Active Template Library Elevation of Privilege Vulnerability | CVE-2021-1649 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Azure Active Directory Pod Identity Spoofing Vulnerability | CVE-2021-1677 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Bot Framework SDK Information Disclosure Vulnerability | CVE-2021-1725 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | CVE-2021-1651 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | CVE-2021-1680 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| GDI+ Remote Code Execution Vulnerability | CVE-2021-1665 | No | No | Less Likely | Less Likely | Critical | 7.8 | 6.8 |
| HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2021-1644 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2021-1643 | No | No | Less Likely | Less Likely | Critical | 7.8 | 7.0 |
| Hyper-V Denial of Service Vulnerability | CVE-2021-1691 | No | No | Less Likely | Less Likely | Important | 7.7 | 6.7 |
| Hyper-V Denial of Service Vulnerability | CVE-2021-1692 | No | No | Less Likely | Less Likely | Important | 7.7 | 6.7 |
| Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability | CVE-2021-1668 | No | No | Less Likely | Less Likely | Critical | 7.8 | 6.8 |
| Microsoft Defender Remote Code Execution Vulnerability | CVE-2021-1647 | No | Yes | Detected | Detected | Critical | 7.8 | 7.0 |
| Microsoft Edge (HTML-based) Memory Corruption Vulnerability | CVE-2021-1705 | No | No | Less Likely | Less Likely | Critical | 4.2 | 3.8 |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2021-1713 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2021-1714 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Office Remote Code Execution Vulnerability | CVE-2021-1711 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft SQL Elevation of Privilege Vulnerability | CVE-2021-1636 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| Microsoft SharePoint Elevation of Privilege Vulnerability | CVE-2021-1712 | No | No | Less Likely | Less Likely | Important | 8.0 | 7.0 |
| Microsoft SharePoint Elevation of Privilege Vulnerability | CVE-2021-1719 | No | No | Less Likely | Less Likely | Important | 8.0 | 7.0 |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | CVE-2021-1707 | No | No | More Likely | More Likely | Important | 8.8 | 7.7 |
| Microsoft SharePoint Server Tampering Vulnerability | CVE-2021-1718 | No | No | Less Likely | Less Likely | Important | 8.0 | 7.0 |
| Microsoft SharePoint Spoofing Vulnerability | CVE-2021-1641 | No | No | Less Likely | Less Likely | Important | 4.6 | 4.0 |
| Microsoft SharePoint Spoofing Vulnerability | CVE-2021-1717 | No | No | Less Likely | Less Likely | Important | 4.6 | 4.0 |
| Microsoft Windows Media Foundation Remote Code Execution Vulnerability | CVE-2021-1710 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Word Remote Code Execution Vulnerability | CVE-2021-1715 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Word Remote Code Execution Vulnerability | CVE-2021-1716 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft splwow64 Elevation of Privilege Vulnerability | CVE-2021-1648 | Yes | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| NTLM Security Feature Bypass Vulnerability | CVE-2021-1678 | No | No | Less Likely | Less Likely | Important | 4.3 | 3.8 |
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | CVE-2021-1658 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.7 |
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | CVE-2021-1660 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.7 |
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | CVE-2021-1664 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | CVE-2021-1666 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.7 |
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | CVE-2021-1667 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.7 |
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | CVE-2021-1671 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | CVE-2021-1673 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.7 |
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | CVE-2021-1700 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | CVE-2021-1701 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| TPM Device Driver Information Disclosure Vulnerability | CVE-2021-1656 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Visual Studio Remote Code Execution Vulnerability | CVE-2020-26870 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Windows (modem.sys) Information Disclosure Vulnerability | CVE-2021-1699 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows AppX Deployment Extensions Elevation of Privilege Vulnerability | CVE-2021-1642 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows AppX Deployment Extensions Elevation of Privilege Vulnerability | CVE-2021-1685 | No | No | Less Likely | Less Likely | Important | 7.3 | 6.4 |
| Windows Bluetooth Security Feature Bypass Vulnerability | CVE-2021-1683 | No | No | Less Likely | Less Likely | Important | 5.0 | 4.4 |
| Windows Bluetooth Security Feature Bypass Vulnerability | CVE-2021-1684 | No | No | Less Likely | Less Likely | Important | 5.0 | 4.4 |
| Windows Bluetooth Security Feature Bypass Vulnerability | CVE-2021-1638 | No | No | Less Likely | Less Likely | Important | 7.7 | 6.7 |
| Windows CSC Service Elevation of Privilege Vulnerability | CVE-2021-1652 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows CSC Service Elevation of Privilege Vulnerability | CVE-2021-1653 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows CSC Service Elevation of Privilege Vulnerability | CVE-2021-1654 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows CSC Service Elevation of Privilege Vulnerability | CVE-2021-1655 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows CSC Service Elevation of Privilege Vulnerability | CVE-2021-1659 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows CSC Service Elevation of Privilege Vulnerability | CVE-2021-1688 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows CSC Service Elevation of Privilege Vulnerability | CVE-2021-1693 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows CryptoAPI Denial of Service Vulnerability | CVE-2021-1679 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Windows DNS Query Information Disclosure Vulnerability | CVE-2021-1637 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Docker Information Disclosure Vulnerability | CVE-2021-1645 | No | No | Less Likely | Less Likely | Important | 5.0 | 4.4 |
| Windows Event Logging Service Elevation of Privilege Vulnerability | CVE-2021-1703 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Event Tracing Elevation of Privilege Vulnerability | CVE-2021-1662 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Fax Compose Form Remote Code Execution Vulnerability | CVE-2021-1657 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows GDI+ Information Disclosure Vulnerability | CVE-2021-1708 | No | No | Less Likely | Less Likely | Important | 5.7 | 5.0 |
| Windows Graphics Component Information Disclosure Vulnerability | CVE-2021-1696 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Hyper-V Elevation of Privilege Vulnerability | CVE-2021-1704 | No | No | Less Likely | Less Likely | Important | 7.3 | 6.4 |
| Windows InstallService Elevation of Privilege Vulnerability | CVE-2021-1697 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Installer Elevation of Privilege Vulnerability | CVE-2021-1661 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Kernel Elevation of Privilege Vulnerability | CVE-2021-1682 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Windows LUAFV Elevation of Privilege Vulnerability | CVE-2021-1706 | No | No | Less Likely | Less Likely | Important | 7.3 | 6.4 |
| Windows Multipoint Management Elevation of Privilege Vulnerability | CVE-2021-1689 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability | CVE-2021-1676 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Print Spooler Elevation of Privilege Vulnerability | CVE-2021-1695 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Projected File System FS Filter Driver Information Disclosure Vulnerability | CVE-2021-1663 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Projected File System FS Filter Driver Information Disclosure Vulnerability | CVE-2021-1670 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Projected File System FS Filter Driver Information Disclosure Vulnerability | CVE-2021-1672 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability | CVE-2021-1674 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| Windows Remote Desktop Security Feature Bypass Vulnerability | CVE-2021-1669 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
| Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability | CVE-2021-1702 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Runtime C++ Template Library Elevation of Privilege Vulnerability | CVE-2021-1650 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Update Stack Elevation of Privilege Vulnerability | CVE-2021-1694 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| Windows WLAN Service Elevation of Privilege Vulnerability | CVE-2021-1646 | No | No | Less Likely | Less Likely | Important | 6.6 | 5.8 |
| Windows WalletService Elevation of Privilege Vulnerability | CVE-2021-1681 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows WalletService Elevation of Privilege Vulnerability | CVE-2021-1686 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows WalletService Elevation of Privilege Vulnerability | CVE-2021-1687 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows WalletService Elevation of Privilege Vulnerability | CVE-2021-1690 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Win32k Elevation of Privilege Vulnerability | CVE-2021-1709 | No | No | More Likely | More Likely | Important | 7.0 | 6.1 |

--
Renato Marinho
Morphus Labs | LinkedIn | Twitter

ISC Handler
Jan 12th 2021
