
CVE-2021-1647 Windows Defender Zero-Day Exploited in the Wild

For Microsoft and Windows users, 2021 starts off with a heavy Patch Tuesday, addressing a total of 83 security vulnerabilities.

Microsoft fixed bugs in the Windows operating system and some issues in cloud-based products, enterprise servers, and developer tools. However, the most dangerous vulnerability resides in Windows Defender, a zero-day tracked as CVE-2021-1647.

Windows Defender Zero-Day exploited in the wild

CVE-2021-1647 is a remote code execution flaw in the Microsoft Malware Protection Engine, the scanning engine behind Windows Defender, and it could be trivial to exploit. According to reports, the vulnerability has been exploited in the wild. Because the engine runs with SYSTEM privileges, a successful exploit gives the attacker full control of the machine. Windows users and system administrators should make sure their Microsoft Malware Protection Engine is at version 1.1.17700.4 or later, the release that fixes the bug.

How can CVE-2021-1647 zero-day be exploited?

The technical details surrounding the exploit are scarce. What is known is that the bug can be triggered by getting a specially crafted file onto a vulnerable system that has Windows Defender installed, for example by tricking the user into opening a malicious document. Because Defender's real-time protection scans files as they arrive, a crafted file may be scanned, and the bug triggered, as soon as it is downloaded or saved, without the user opening it. The Microsoft Malware Protection Engine patch is delivered automatically through the regular Defender engine and definition update channel, separate from the monthly cumulative update, unless system admins have blocked engine updates.
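The check an administrator actually wants after reading the two sections above is whether the engine on a given machine is already at 1.1.17700.4 or later and, if not, whether the automatic update is getting through. The following PowerShell is an added example written for this article, not code from Microsoft or from the original post. It relies only on the built-in Defender module cmdlets Get-MpComputerStatus and Update-MpSignature, and it assumes an elevated prompt on a Windows host with Microsoft Defender Antivirus enabled; the helper name Test-DefenderEngineFixed and the fixed-version constant are this example's own.

```powershell
# Added example (not from the original article or from Microsoft).
# Verifies that the local Microsoft Malware Protection Engine is at or above
# the version the article names as fixing CVE-2021-1647, and if it is not,
# asks Defender to fetch the engine/definition update and re-checks.
# Assumes: elevated PowerShell, Defender module present (Windows 10 / Server 2016+).

$FixedEngineVersion = [version]'1.1.17700.4'   # fixed engine version per the advisory

function Test-DefenderEngineFixed {
    # Returns an object describing the engine state; 'Patched' is the verdict.
    param([version]$Minimum = $FixedEngineVersion)

    $status  = Get-MpComputerStatus -ErrorAction Stop
    $current = [version]$status.AMEngineVersion   # engine (mpengine) version string

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        EngineVersion     = $current
        PlatformVersion   = $status.AMProductVersion
        RealTimeEnabled   = $status.RealTimeProtectionEnabled
        SignaturesUpdated = $status.AntivirusSignatureLastUpdated
        Patched           = ($current -ge $Minimum)
    }
}

$before = Test-DefenderEngineFixed
$before | Format-List

if (-not $before.Patched) {
    Write-Warning "Engine $($before.EngineVersion) is older than $FixedEngineVersion; requesting update."

    # Update-MpSignature pulls definition and engine updates from the configured
    # source (Microsoft Update, WSUS, or a file share, depending on policy).
    Update-MpSignature -ErrorAction Stop

    $after = Test-DefenderEngineFixed
    if ($after.Patched) {
        Write-Host "Engine now $($after.EngineVersion); CVE-2021-1647 fix is present."
    } else {
        # Still old after an update attempt: this is the "admins have blocked it"
        # case from the article. Check the update source/approval (WSUS, SCCM,
        # Defender update policy) or apply the engine update manually.
        Write-Warning "Engine still $($after.EngineVersion); engine updates appear blocked. Check update source and policy."
    }
}
```

To run the same check across a fleet, pass the function body to Invoke-Command (for example `Invoke-Command -ComputerName $servers -ScriptBlock ${function:Test-DefenderEngineFixed}`) and filter on `Patched -eq $false`; a host that reports RealTimeEnabled as false is worth a second look anyway, since it is not scanning at all.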

CVE-2021-1660 in Remote Procedure Call

CVE-2021-1660 is also critical: a remote code execution flaw in the Remote Procedure Call (RPC) runtime that affects almost every supported Windows version. Its CVSS score is 8.8, reflecting low attack complexity. The good news is that the bug is rated “less likely to be exploited,” as noted by Kevin Breen, director of research at Immersive Labs. It is noteworthy that CVE-2021-1660 is one of five flaws fixed this month in Remote Procedure Call, a core Microsoft Windows service.

“Some of the more memorable computer worms of the last decade spread automatically by exploiting RPC vulnerabilities,” notes respected security expert Brian Krebs.

CVE-2021-1648 Elevation of Privilege Bug

Another vulnerability addressed in the January 2021 Patch Tuesday that is worth mentioning is CVE-2021-1648, known as “Microsoft splwow64 Elevation of Privilege Vulnerability,” and rated as important. This flaw was reported by Trend Micro’s Zero Day Initiative and resides in Windows 8, 10, and Windows Server 2012 and 2019. According to Dustin Childs from the Zero Day Initiative, the vulnerability “was also discovered by Google likely because this patch corrects a bug introduced by a previous patch.” The previous patch was the fix for CVE-2020-0986, a splwow64 flaw that was exploited in the wild in 2020.

“The previous CVE was being exploited in the wild, so it’s within reason to think this CVE will be actively exploited as well,” the researcher added.

Did you know that last year’s June Patch Tuesday was the biggest set of updates Microsoft had released up to that point? It contained fixes for a staggering 129 vulnerabilities. On the positive side, despite being the largest Patch Tuesday in the history of the company, it didn’t include fixes for zero-day bugs, meaning that none of the vulnerabilities were known to be exploited in the wild at release time.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
