Service Notices

All Notices > Security Notices > Microsoft Releases January 2021 Security Updates

Microsoft Releases January 2021 Security Updates

Jan 13, 2021 GMT+08:00

I. Overview

Microsoft recently released its monthly set of security updates. 83 vulnerabilities are disclosed, among which 10 are rated important. Attackers can exploit these vulnerabilities to perform remote code execution, escalate privileges, and leak sensitive information. The following software is affected: Microsoft Windows, Microsoft Office, and Microsoft Defender.

Visit Microsoft official website:

https://msrc.microsoft.com/update-guide/releaseNote/2021-Jan

Among the vulnerabilities, Microsoft Defender remote code execution vulnerability (CVE-2021-1647) is critical. Attackers can construct malicious execution files to trigger remote code execution. Attacks exploiting this vulnerability are discovered. Install the patch to protect your system against attacks.

II. Severity

Severity: important

(Severity: low, moderate, important, and critical)

III. Affected Products

Microsoft Windows, Microsoft Edge, ChakraCore, and Microsoft Office

IV. Vulnerability Details

CVE ID

Vulnerability Name

Severity

Affected Products

CVE-2021-1647

Microsoft Defender Remote Code Execution Vulnerability

Important

Windows 10, Windows 8.1/RT 8.1, Windows 7, Windows Server 2008/2008 R2/2012/2012 R2/2016/2019

CVE-2021-1658

CVE-2021-1660

CVE-2021-1666

CVE-2021-1667

CVE-2021-1673

Remote Procedure Call Runtime Remote Code Execution Vulnerability

Important

Windows 10, Windows 8.1/RT 8.1, Windows 7, Windows Server 2008/2008 R2/2012/2012 R2/2016/2019

CVE-2021-1665

GDI+ Remote Code Execution Vulnerability

Important

Windows 10, Windows 8.1/RT 8.1, Windows 7, Windows Server 2008/2008 R2/2012/2012   R2/2016/2019

CVE-2021-1705

Microsoft Edge (HTML-based) Memory Corruption Vulnerability

Important

Microsoft Edge (EdgeHTML-based)

CVE-2021-1668

Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability

Important

Windows 10, Windows 8.1/RT 8.1, Windows 7, Windows Server 2008 R2/2012/2012 R2/2016/2019

CVE-2021-1643

HEVC Video Extensions Remote Code Execution Vulnerability

Important

HEVC Video Extensions

(Note: Vulnerabilities listed above are important ones. For more information, refer to the official website of Microsoft.)

V. Security Recommendations

1. Use Windows Update or download patches from the following address to fix the vulnerabilities:

https://msrc.microsoft.com/update-guide/

2. Back up data remotely to protect your data.

Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.