
Today’s VERT Alert addresses Microsoft’s January 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-922 on Wednesday, January 13th.

In-The-Wild & Disclosed CVEs

CVE-2021-1647

A vulnerability in the Microsoft Malware Protection Engine (MMPE) is currently seeing active exploitation. Since the MMPE is updated regularly with malware definitions, your products have likely already updated. If you want to be certain, check to see that your MMPE version is 1.1.17700.4 or later. If you have a lower version, you should force a manual software update.

Microsoft has rated this as Exploit Detected on the latest software release on the Exploitability Index.
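One way to run the version check described above for CVE-2021-1647 on a Windows host, as an added example (not VERT's or Microsoft's code): it reads the engine version from `Get-MpComputerStatus` and compares it numerically against 1.1.17700.4. `Test-MmpeVersion` is a hypothetical helper name, and the script assumes the Windows Defender PowerShell module is available on the host.

```powershell
# Added example: check the Microsoft Malware Protection Engine (MMPE) version
# against the minimum version named in the alert.
$FixedEngine = [version]'1.1.17700.4'   # minimum version, taken from the alert text

function Test-MmpeVersion {
    # Hypothetical helper: classifies an engine version string.
    param(
        [string]$EngineVersion,
        [version]$Minimum = $FixedEngine
    )
    $parsed = $null
    # Parse into System.Version so each component is compared as a number.
    # A plain string comparison would rank a constructed value such as
    # '1.1.9800.0' above '1.1.17700.4', because '9' sorts after '1'.
    if (-not [version]::TryParse($EngineVersion, [ref]$parsed)) {
        return 'Unknown'        # empty or malformed version string
    }
    if ($parsed -ge $Minimum) { 'Patched' } else { 'NeedsUpdate' }
}

try {
    # AMEngineVersion is the engine version reported by the Defender module.
    $status = Get-MpComputerStatus -ErrorAction Stop
    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        AMEngineVersion = $status.AMEngineVersion
        MinimumRequired = $FixedEngine.ToString()
        Result          = Test-MmpeVersion -EngineVersion $status.AMEngineVersion
    }
}
catch {
    # The cmdlet is missing or the Defender service did not answer;
    # report that instead of silently treating the host as patched.
    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        AMEngineVersion = $null
        MinimumRequired = $FixedEngine.ToString()
        Result          = "Unknown: $($_.Exception.Message)"
    }
}
```

A `NeedsUpdate` result is the case where the alert recommends forcing a manual update.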

CVE-2021-1648

This CVE is a little tricky: it is the vulnerability that Google Project Zero and ZDI disclosed in December, which was publicly referred to as CVE-2020-17008 at the time. Note that the CVE from December does not match the CVE issued today. Microsoft has made the unprecedented move of changing the existing CVE to match the year the patch was released. To help our customers identify this vulnerability and ensure all systems are patched, we have associated both CVEs with our detection logic for this vulnerability. We believe the change may cause confusion in the patching process, and we highly recommend sharing this information across your organization.

Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.

| Tag | CVE Count | CVEs |
| --- | --- | --- |
| Windows Hyper-V | 3 | CVE-2021-1691, CVE-2021-1692, CVE-2021-1704 |
| Windows WalletService | 4 | CVE-2021-1681, CVE-2021-1686, CVE-2021-1687, CVE-2021-1690 |
| Microsoft Windows | 8 | CVE-2021-1657, CVE-2021-1676, CVE-2021-1689, CVE-2021-1650, CVE-2021-1649, CVE-2021-1646, CVE-2021-1699, CVE-2021-1706 |
| Microsoft Malware Protection Engine | 1 | CVE-2021-1647 |
| Windows Media | 1 | CVE-2021-1710 |
| Windows Installer | 2 | CVE-2021-1661, CVE-2021-1697 |
| Visual Studio | 1 | CVE-2020-26870 |
| Windows Projected File System Filter Driver | 3 | CVE-2021-1663, CVE-2021-1670, CVE-2021-1672 |
| Microsoft DTV-DVD Video Decoder | 1 | CVE-2021-1668 |
| Microsoft Bluetooth Driver | 3 | CVE-2021-1683, CVE-2021-1684, CVE-2021-1638 |
| Microsoft Windows Codecs Library | 2 | CVE-2021-1644, CVE-2021-1643 |
| Azure Active Directory Pod Identity | 1 | CVE-2021-1677 |
| SQL Server | 1 | CVE-2021-1636 |
| Windows CryptoAPI | 1 | CVE-2021-1679 |
| Microsoft Graphics Component | 4 | CVE-2021-1665, CVE-2021-1696, CVE-2021-1708, CVE-2021-1709 |
| Windows Event Tracing | 1 | CVE-2021-1662 |
| Windows Kernel | 1 | CVE-2021-1682 |
| Microsoft Office SharePoint | 6 | CVE-2021-1641, CVE-2021-1707, CVE-2021-1712, CVE-2021-1718, CVE-2021-1717, CVE-2021-1719 |
| Microsoft Office | 5 | CVE-2021-1711, CVE-2021-1713, CVE-2021-1714, CVE-2021-1715, CVE-2021-1716 |
| Windows Remote Procedure Call Runtime | 9 | CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701 |
| Windows Remote Desktop | 2 | CVE-2021-1669, CVE-2021-1674 |
| Windows NTLM | 1 | CVE-2021-1678 |
| Windows AppX Deployment Extensions | 2 | CVE-2021-1642, CVE-2021-1685 |
| .NET Repository | 1 | CVE-2021-1725 |
| Windows Diagnostic Hub | 2 | CVE-2021-1651, CVE-2021-1680 |
| Microsoft RPC | 1 | CVE-2021-1702 |
| Microsoft Edge (HTML-based) | 1 | CVE-2021-1705 |
| ASP.NET core & .NET core | 1 | CVE-2021-1723 |
| Windows Event Logging Service | 1 | CVE-2021-1703 |
| Windows DP API | 1 | CVE-2021-1645 |
| Windows TPM Device Driver | 1 | CVE-2021-1656 |
| Windows Update Stack | 1 | CVE-2021-1694 |
| Windows Print Spooler Components | 1 | CVE-2021-1695 |
| Microsoft Windows DNS | 1 | CVE-2021-1637 |
| Windows splwow64 | 1 | CVE-2021-1648 |
| Windows CSC Service | 7 | CVE-2021-1652, CVE-2021-1653, CVE-2021-1654, CVE-2021-1655, CVE-2021-1659, CVE-2021-1688, CVE-2021-1693 |

Other Information

There were no advisories included in the January security guidance.
