Service Notices
Microsoft Releases January 2021 Security Updates
Jan 13, 2021 GMT+08:00
I. Overview
Microsoft recently released its monthly set of security updates. 83 vulnerabilities are disclosed, among which 10 are rated important. Attackers can exploit these vulnerabilities to perform remote code execution, escalate privileges, and leak sensitive information. The following software is affected: Microsoft Windows, Microsoft Office, and Microsoft Defender.
Visit Microsoft official website:
https://msrc.microsoft.com/update-guide/releaseNote/2021-Jan
Among the vulnerabilities, Microsoft Defender remote code execution vulnerability (CVE-2021-1647) is critical. Attackers can construct malicious execution files to trigger remote code execution. Attacks exploiting this vulnerability are discovered. Install the patch to protect your system against attacks.
II. Severity
Severity: important
(Severity: low, moderate, important, and critical)
III. Affected Products
Microsoft Windows, Microsoft Edge, ChakraCore, and Microsoft Office
IV. Vulnerability Details
CVE ID | Vulnerability Name | Severity | Affected Products |
CVE-2021-1647 | Microsoft Defender Remote Code Execution Vulnerability | Important | Windows 10, Windows 8.1/RT 8.1, Windows 7, Windows Server 2008/2008 R2/2012/2012 R2/2016/2019 |
CVE-2021-1658 CVE-2021-1660 CVE-2021-1666 CVE-2021-1667 CVE-2021-1673 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | Windows 10, Windows 8.1/RT 8.1, Windows 7, Windows Server 2008/2008 R2/2012/2012 R2/2016/2019 |
CVE-2021-1665 | GDI+ Remote Code Execution Vulnerability | Important | Windows 10, Windows 8.1/RT 8.1, Windows 7, Windows Server 2008/2008 R2/2012/2012 R2/2016/2019 |
CVE-2021-1705 | Microsoft Edge (HTML-based) Memory Corruption Vulnerability | Important | Microsoft Edge (EdgeHTML-based) |
CVE-2021-1668 | Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability | Important | Windows 10, Windows 8.1/RT 8.1, Windows 7, Windows Server 2008 R2/2012/2012 R2/2016/2019 |
CVE-2021-1643 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | HEVC Video Extensions |
(Note: Vulnerabilities listed above are important ones. For more information, refer to the official website of Microsoft.)
V. Security Recommendations
1. Use Windows Update or download patches from the following address to fix the vulnerabilities:
https://msrc.microsoft.com/update-guide/
2. Back up data remotely to protect your data.
Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.