Let's explore some of the interesting facts:
CVE-2021-1648 is a Microsoft splwow64 Elevation of Privilege (EoP) vulnerability that is a patch bypass for CVE-2020-0986, which was exploited in the wild as a zero-day. A proof of concept (PoC) is public, but this one is considered an Important vulnerability, not Critical. Attackers need local access with low privileges to exploit this vulnerability, and that's a relief.
Then we have a SharePoint remote code execution vulnerability, CVE-2021-1707. Its attack vector is network, and it needs low privileges to exploit. Microsoft marks it as "Exploitation More Likely", probably due to ease of exploitation. However, a PoC is not out yet.
Then we have the Microsoft Defender Remote Code Execution Vulnerability, CVE-2021-1647, which was exploited in the wild. This bug in the Microsoft Malware Protection Engine may already be patched on your system, as the engine auto-updates as needed. However, if your systems are not connected to the Internet, you'll need to apply the patch manually.
Once you patch the above, test and approve the rest of the 9 critical vulnerabilities.
And that's it for this month. Happy Patching and Happy New Year!