On the first patch day of this year, Microsoft published 64 security patches for ASP .NET, Azure, ChakraCore, Edge, Microsoft Defender, Office , Visual Studio and Windows released. Ten gaps are classified as ” critical “. The remaining patches are marked as ” important “.

Patch now! A critical malicious code vulnerability (CVE – 2021 – 1647) in virus protection Microsoft Defender is currently actively exploited by attackers. To what extent this will take place is currently not known. The error can be found in the malware protection engine. Microsoft states that version 1.1. 17700. 4 has been repaired. The update installs itself automatically.

Microsoft does not explain how attacks could look in detail. The warning only indicates that attacks are possible locally and with low user rights. Due to the critical classification, attacks should not be associated with too much effort.

A gap classified as important (CVE – 2021 – 1648) in Windows (splwow 64) is public knowledge and attacks could be imminent. A previous patch introduced the starting point for attackers. This checks strings, but triggers a memory error (out-of-bounds). In the end, attackers could acquire higher user rights.

Users of Windows and other Microsoft software should ensure that Windows Update is active and that security patches are being downloaded and installed. This is done automatically by default.

Critical gaps Other dangerous malicious code gaps affect, among other things Edge, HEVC Video Extensions and Remote Procedure Call Runtime. This affects Windows 7 up to 10. In an overview of Trend Micro’s Zero Day Initiative, you can find more information about the patched security holes.

(des)