REDLEGG BLOG
Critical Vulnerabilities Bulletin - January 2021

1/14/21 11:27 AM  |  by RedLegg Blog

How do these critical vulnerabilities affect your business? 

See the latest bulletin from our threat research team below.

Microsoft Defender Remote Code Execution Vulnerability

  • Identifier: CVE-2021-1647
  • Exploit or POC: YES (Actively being exploited)
  • Update: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1647
  • Description:
    Buffer overflows occur when a memory location is filled past its expected boundaries. Attackers target code that lacks proper terminating conditions on buffer writes, so the additional data is written to other locations in memory, overwriting what is there. This can corrupt data and make the system behave erratically or crash. The overwritten data could also include malicious executable code, which might then be executed.
  • Mitigation recommendation:
    Currently the only mitigation method is to patch.

Windows Win32k Elevation of Privilege Vulnerability

  • Identifier: CVE-2021-1709
  • Exploit or POC: Very Likely
  • Update: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1709
  • Description:
    Windows Win32k Elevation of Privilege Vulnerability. No other information was provided by the vendor. This vulnerability does not require user interaction. An attacker can exploit a local machine to elevate their privileges and then use those privileges to carry out additional attacks.
  • Mitigation recommendation:
    Currently the only mitigation method is to patch.

Linux kernel Buffer Overflows in mwifiex_cmd_802_11_ad_hoc_start


*Active exploits may have changed since the dissemination of this bulletin, which was January 14. This list does not represent the full list of current vulnerabilities.
