The second Tuesday of every month is 'Patch Tuesday', the day on which Microsoft habitually issues a lot of patches for bugs and vulnerabilities in its software.
It's always important to patch, but the update that was released on January 12 is one to pay attention to. That's because it contains a patch for a vulnerability in Windows Defender that is already being exploited in the wild.
Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) list—a dictionary that provides definitions for publicly disclosed cybersecurity vulnerabilities and exposures. The goal of CVE is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services).
The vulnerability in Windows Defender was registered as CVE-2021-1647—a Remote Code Execution (RCE) vulnerability—and was found in the Malware Protection Engine component (mpengine.dll). According to Microsoft:
> "While this issue is labeled as an elevation of privilege, it can also be exploited to disclose information. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory."
If you are missing this fix in your list, it's possible that this bug has already been patched by Microsoft on end-user systems, as the company continuously updates Defender outside of the normal monthly patch cycle. But you may want to check whether you are using a patched version.
The first patched version is 1.1.17700.4. If you want to make sure that you have a patched version of Windows Defender, here is how you can check this on a Windows 10 computer:
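One way to run this check from PowerShell, as an added example that is not part of the original post: it reads the engine version with the built-in `Get-MpComputerStatus` cmdlet (property `AMEngineVersion`) and compares it with 1.1.17700.4. The function names `Test-EnginePatched` and `Get-DefenderEngineStatus` and the sample version strings are made up for illustration.

```powershell
# Added example. The threshold comes from the article; the helpers are illustrative.
$FirstPatchedEngine = [version]'1.1.17700.4'

function Test-EnginePatched {
    # Hypothetical helper: compares an engine version string with the first patched build.
    param([Parameter(Mandatory)][string]$EngineVersion)
    $parsed = $null
    if (-not [version]::TryParse($EngineVersion, [ref]$parsed)) {
        throw "Unparseable engine version: '$EngineVersion'"
    }
    # [version] compares each field as an integer. A plain string comparison
    # would wrongly rank '1.1.9999.0' above '1.1.17700.4'.
    return $parsed -ge $FirstPatchedEngine
}

function Get-DefenderEngineStatus {
    # Hypothetical helper: reads the local engine version and reports patch state.
    if (-not (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue)) {
        Write-Warning 'Defender cmdlets are not available on this system.'
        return
    }
    try {
        $status = Get-MpComputerStatus -ErrorAction Stop
    } catch {
        Write-Warning "Could not query Defender: $($_.Exception.Message)"
        return
    }
    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        EngineVersion = $status.AMEngineVersion
        Patched       = Test-EnginePatched -EngineVersion $status.AMEngineVersion
    }
}

# Constructed sample versions, to show the comparison without querying Defender.
'1.1.17600.5', '1.1.9999.0', '1.1.17700.4', '1.1.17800.5' | ForEach-Object {
    '{0,-14} patched: {1}' -f $_, (Test-EnginePatched -EngineVersion $_)
}

# Query the machine this is run on.
Get-DefenderEngineStatus
```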
The total package contained over 80 patches. Ten of them were classified as critical, which means that they could possibly be used in the future by cybercriminals to attack unpatched systems. And even the ones that are not rated as critical could put you at risk at some point. It's always important to apply all the patches as soon as you possibly can, especially when it concerns your operating system. So, please do go install these patches as soon as possible.
Stay safe, everyone!
The post Microsoft issues 83 patches, one for actively exploited vulnerability appeared first on Malwarebytes Labs.