Webinar Library
Welcome to this January Patch Tuesday Bulletin. This month there are 83 unique CVE’s affecting 10 technologies, 4 technologies with critical vulnerabilities, 1 exploited technology, and 1 technology with publicly disclosed vulnerability details. CVE-2021-1647 was exploited in the wild and affects the Malware Protection Engine but updates are applied automatically. CVE-2021-1648 was publicly disclosed and is a privilege escalation vulnerability in Windows but Microsoft states that exploitation is less likely. Microsoft does rate CVE-2021-1709 and CVE-2021-1707 as more likely to be exploited so make sure that these vulnerabilities are remediated. CVE-2021-1709 is an elevation of privilege vulnerability affecting Windows and CVE-2021-1707 is a remote code execution vulnerability affecting SharePoint.
Over the years we've had millions of visitors to UltimateWindowsSecurity.com. Every month we have thousands and thousands of visitors to our Security Log Encyclopedia which documents all of the Security Log event ID’s for Windows Server OS’s. Back in 2007 when SharePoint added auditing capability, I realized that my audience not only needed the event information from SharePoint but I also found a similar need in SQL Server and Exchange. So not only did I document the data but I also started to develop the means to extract that event data from these applications so that it’s accessible and useable to the end user. Some 8 years later and LOGbinder is continuing to grow as companies realize LOGbinder bridges the gap between these applications and their infosec team. Visit LOGbinder.com to download a free 30-day fully functional trial and see the security event data that you have literally been missing.
So, without further ado, here’s the chart of MS patches this month.
Patch data provided by:
Technology
Products Affected
Severity
Reference
Workaround/ Exploited
Vulnerability Info
Windows
Remote Desktop
Remote Desktop Client for Windows Desktop
Windows 8.1, RT 8.1, 10
Server 2012, 2016, 2019
Critical
CVE-2021-1637
CVE-2021-1638
CVE-2021-1642
CVE-2021-1645
CVE-2021-1646
CVE-2021-1648**
CVE-2021-1649
CVE-2021-1650
CVE-2021-1651
CVE-2021-1652
CVE-2021-1653
CVE-2021-1654
CVE-2021-1655
CVE-2021-1656
CVE-2021-1657
CVE-2021-1658
CVE-2021-1659
CVE-2021-1660
CVE-2021-1661
CVE-2021-1662
CVE-2021-1663
CVE-2021-1664
CVE-2021-1665
CVE-2021-1666
CVE-2021-1667
CVE-2021-1668
CVE-2021-1669
CVE-2021-1670
CVE-2021-1671
CVE-2021-1672
CVE-2021-1673
CVE-2021-1674
CVE-2021-1676
CVE-2021-1678
CVE-2021-1679
CVE-2021-1680
CVE-2021-1681
CVE-2021-1682
CVE-2021-1683
CVE-2021-1684
CVE-2021-1685
CVE-2021-1686
CVE-2021-1687
CVE-2021-1688
CVE-2021-1689
CVE-2021-1690
CVE-2021-1691
CVE-2021-1692
CVE-2021-1693
CVE-2021-1694
CVE-2021-1695
CVE-2021-1696
CVE-2021-1697
CVE-2021-1699
CVE-2021-1700
CVE-2021-1701
CVE-2021-1702
CVE-2021-1703
CVE-2021-1704
CVE-2021-1706
CVE-2021-1708
CVE-2021-1709
CVE-2021-1710
*Workaround: No
**Public: Yes
Exploited: No
Denial of Service
Elevation of Privilege
Information Disclosure
Remote Code Execution
Security Feature Bypass
Edge
EdgeHTML-based
CVE-2021-1705
**Public: No
Office, Office Services, and Web Apps
365 Apps for Enterprise
Excel 2010, 2013, 2016
Office 2010, 2013, 2016, 2019, 2019 for Mac, Online Server
Web Apps 2010, server 2013
SharePoint Enterprise Server 2013, 2016
SharePoint Foundation 2010, 2013
SharePoint Server 2010, 2019
Word 2010, 2013, 2016
Important
CVE-2021-1641
CVE-2021-1707
CVE-2021-1711
CVE-2021-1712
CVE-2021-1713
CVE-2021-1714
CVE-2021-1715
CVE-2021-1716
CVE-2021-1717
CVE-2021-1718
CVE-2021-1719
Windows Codecs Library
HEVC Video Extension
CVE-2021-1644
CVE-2021-1643
Visual Studio
Visual Studio 2015, 2017, 2019
CVE-2020-26870
CVE-2021-1723
SQL Server
SQL Server 2012, 2014, 2016, 2017, 2019
CVE-2021-1636
Malware Protection Engine
Security Essentials
System Center 2012, Endpoint Protection
Defender
CVE-2021-1647
Exploited: Yes
.NET Repository
.NET 4.6.0 - 4.10.2
CVE-2021-1725
ASP .NET
ASP.NET Core 3.1, 5.0
Azure
Azure Kubernetes Service
CVE-2021-1677
Spoofing