REDLEGG BLOG
Critical Vulnerabilities Bulletin - January 2021

Critical Vulnerabilities - January 2021 Bulletin

1/14/21 11:27 AM  |  by RedLegg Blog

How do these critical vulnerabilities affect your business? 

See the latest bulletin from our threat research team below.

Get new security bulletins directly in your inbox as soon as they're released by our threat research team.

Microsoft Defender Remote Code Execution Vulnerability

  • Identifier: CVE-2021-1647
  • Exploit or POC: YES (Actively being exploited)
  • Update:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1647
  • Description:
    Buffer Overflows occur when a memory location is filled past its expected boundaries. Computer attackers target systems without proper terminating conditions on buffers, which then write the additional information in other locations in memory, overwriting what is there. This could corrupt the data, making the system behave erratically or crash. The new information could include malicious executable code, which might be executed.
  • Mitigation recommendation:
    Currently the only mitigation method is to patch.

Windows Win32k Elevation of Privilege Vulnerability

  • Identifier: CVE-2021-1709
  • Exploit or POC: Very Likely
  • Update:
  • https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1709
  • Description:
    Windows Win32k Elevation of Privilege Vulnerability. No other information provided by the vendor. This vulnerability does not require user interaction. An attacker can exploit a local machine to elevate their privileges and use these privileges to carry out additional attacks.
  • Mitigation recommendation:
    Currently the only mitigation method is to patch.

Linux kernel Buffer Overflows in mwifiex_cmd_802_11_ad_hoc_start

Join today to get future security bulletins** in your inbox asap.

See The Full List

*Active exploits may have changed since the dissemination of this bulletin which was January 14. This list does not represent the full list of current vulnerabilities.

**And to see the full list of vulnerabilities we released with this batch.

Get Blog Updates

Related Articles

Summoning Cyber Awareness: Exorcising the Malevolent Realm of Remote Monitoring and Management Tools threat intel, 96bravo

Summoning Cyber Awareness: Exorcising the Malevolent Realm of Remote Monitoring and Management Tools

EXECUTIVE SUMMARY RedLegg would like to recognize the efforts instituted by the Cybersecurity & Infrastructure ...
Patch Tuesday - August 2023 96bravo

Patch Tuesday - August 2023

*Important note: These are not the only vulnerabilities that have been recently released; however, these are the ...
Critical Security Vulnerabilities Bulletin