Critical Vulnerabilities - January 2021 Bulletin

Microsoft Defender Remote Code Execution Vulnerability

• Identifier: CVE-2021-1647
• Exploit or POC: YES (Actively being exploited)
• Update:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1647
• Description:
  Buffer Overflows occur when a memory location is filled past its expected boundaries. Computer attackers target systems without proper terminating conditions on buffers, which then write the additional information in other locations in memory, overwriting what is there. This could corrupt the data, making the system behave erratically or crash. The new information could include malicious executable code, which might be executed.
• Mitigation recommendation:
  Currently the only mitigation method is to patch.

Windows Win32k Elevation of Privilege Vulnerability

• Identifier: CVE-2021-1709
• Exploit or POC: Very Likely
• Update:
• https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1709
• Description:
  Windows Win32k Elevation of Privilege Vulnerability. No other information provided by the vendor. This vulnerability does not require user interaction. An attacker can exploit a local machine to elevate their privileges and use these privileges to carry out additional attacks.
• Mitigation recommendation:
  Currently the only mitigation method is to patch.

Linux kernel Buffer Overflows in mwifiex_cmd_802_11_ad_hoc_start

• Identifier: CVE-2020-36158
• Exploit or POC: No
• Update:https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c455c5ab332773464d02ba17015acdca198f03d
• Description:
  mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.
• Mitigation recommendation:
  Currently the only mitigation method is to patch.