Critical vulnerability in Microsoft Defender exploited by hackers; update now

Microsoft's latest Patch Tuesday release fixes ten critical vulnerabilities, among them a flaw in the Microsoft Malware Protection Engine, the scanning engine behind Microsoft Defender, the anti-malware tool built into the company's operating systems. Successful exploitation lets an attacker execute arbitrary code on a target simply by getting the engine to scan a crafted file, so no user interaction beyond receiving the file is needed.

The flaw, tracked as CVE-2021-1647, was exploited in the wild before the fix shipped, and some analysts have speculated that it may have been used in recent months alongside the large-scale campaign against SolarWinds customers, although no public evidence ties the two together. Engine builds up to and including 1.1.17600.5 are affected; 1.1.17700.4 is the first build with the fix. The engine ships with Microsoft Defender on Windows 10 and Windows Server and with Microsoft Security Essentials on Windows 7, so the scope of potential exploitation is considerable.


In its advisory, the company notes that most systems should already have picked up the fix, with a caveat for isolated hosts: "It is possible that the vulnerability in Microsoft's antimalware engine has already been fixed on most systems, as the engine is updated automatically. However, you will need to manually update if your systems are not connected to the Internet."
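Because the engine updates on its own signature schedule rather than through Windows Update, the practical check is the engine build reported by Defender, not the monthly cumulative update. The following PowerShell is an added example, not code from the article or from Microsoft; it assumes the Defender module is available (Windows 10 / Windows Server) and uses the fixed build number 1.1.17700.4 from Microsoft's advisory as the threshold:

```powershell
# Added example (not from the original article or from Microsoft):
# report whether this host's Malware Protection Engine is at or above the
# first build that fixes CVE-2021-1647, and try to pull the update if not.

# First fixed engine build per Microsoft's advisory for CVE-2021-1647.
$fixedEngine = [version]'1.1.17700.4'

$status = Get-MpComputerStatus
$engine = [version]$status.AMEngineVersion

# One row per host; collect these across a fleet to find stragglers.
[pscustomobject]@{
    Computer            = $env:COMPUTERNAME
    EngineVersion       = $engine
    SignaturesUpdatedAt = $status.AntivirusSignatureLastUpdated
    EngineFixed         = ($engine -ge $fixedEngine)
}

if ($engine -lt $fixedEngine) {
    # Internet-connected hosts receive the engine with the next signature
    # update; Update-MpSignature forces that pull immediately.
    Update-MpSignature
    $after = [version](Get-MpComputerStatus).AMEngineVersion

    if ($after -lt $fixedEngine) {
        # Still old after a forced pull: typically an offline host, which is
        # exactly the case the advisory says must be updated by hand.
        Write-Warning ("Engine is still {0} after a forced update; apply the " +
                       "engine/definition package manually on this host.") -f $after
    }
}
```

Run it as an administrator. The version comparison uses `[version]` rather than string comparison so that, for instance, 1.1.17700.4 correctly sorts above 1.1.17600.5; a plain string compare would get multi-digit components wrong.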

A second flaw, tracked as CVE-2021-1648, was publicly known before the patch was available. It is a privilege escalation bug in the Windows print spooler helper splwow64.exe and was reported through Trend Micro's Zero Day Initiative (ZDI).

The company also patched eight further flaws rated critical. These include a memory corruption bug in the legacy (EdgeHTML-based) Microsoft Edge browser, tracked as CVE-2021-1705, which stems from the way the browser handles objects in memory and can be triggered by a crafted web page to execute code in the browser's context.

Other critical flaws lie in the Windows Graphics Device Interface, GDI+ (CVE-2021-1665), the HEVC Video Extensions (CVE-2020-1643), and the Microsoft DTV-DVD Video Decoder (CVE-2020-1668); all three are remote code execution bugs reachable through crafted media or image content. Updates are available now, so users are encouraged to deploy them as soon as possible.

Microsoft acknowledges that the risks arising from the SolarWinds incident remain active, and urges organizations to act accordingly: "Either by correcting reported zero-day vulnerabilities, or by implementing better security protocols today more than ever, a proactive stance on security threats is needed," concludes the report.