Patch Analysis for January 2021
Welcome to this January Patch Tuesday Bulletin. This month there are 83 unique CVEs affecting 10 technologies: 4 technologies have critical vulnerabilities, 1 technology has an exploited vulnerability, and 1 technology has publicly disclosed vulnerability details. CVE-2021-1647 was exploited in the wild and affects the Malware Protection Engine, but updates are applied automatically. CVE-2021-1648 was publicly disclosed and is a privilege escalation vulnerability in Windows, but Microsoft states that exploitation is less likely. Microsoft does rate CVE-2021-1709 and CVE-2021-1707 as more likely to be exploited, so make sure that these vulnerabilities are remediated. CVE-2021-1709 is an elevation of privilege vulnerability affecting Windows, and CVE-2021-1707 is a remote code execution vulnerability affecting SharePoint.
Over the years we've had millions of visitors to UltimateWindowsSecurity.com. Every month we have thousands and thousands of visitors to our Security Log Encyclopedia, which documents all of the Security Log event IDs for Windows Server OSes. Back in 2007 when SharePoint added auditing capability, I realized that my audience not only needed the event information from SharePoint but I also found a similar need in SQL Server and Exchange. So not only did I document the data but I also started to develop the means to extract that event data from these applications so that it’s accessible and usable to the end user. Some 8 years later and LOGbinder is continuing to grow as companies realize LOGbinder bridges the gap between these applications and their infosec team. Visit LOGbinder.com to download a free 30-day fully functional trial and see the security event data that you have literally been missing.
So, without further ado, here’s the chart of MS patches this month.
Patch data provided by:
| Technology | Products Affected | Severity | Reference | Workaround/Exploited | Vulnerability Info |
|---|---|---|---|---|---|
| Windows | Remote Desktop; Remote Desktop Client for Windows Desktop; Windows 8.1, RT 8.1, 10; Server 2012, 2016, 2019 | Critical | | *Workaround: No; **Public: Yes; Exploited: No | Denial of Service; Elevation of Privilege; Information Disclosure; Remote Code Execution; Security Feature Bypass |
| Edge | EdgeHTML-based | Critical | CVE-2021-1705 | *Workaround: No; **Public: No; Exploited: No | Remote Code Execution |
| Office, Office Services, and Web Apps | 365 Apps for Enterprise; Excel 2010, 2013, 2016; Office 2010, 2013, 2016, 2019, 2019 for Mac, Online Server; Web Apps 2010, server 2013; SharePoint Enterprise Server 2013, 2016; SharePoint Foundation 2010, 2013; SharePoint Server 2010, 2019; Word 2010, 2013, 2016 | Important | | *Workaround: No; **Public: No; Exploited: No | Remote Code Execution |
| Windows Codecs Library | HEVC Video Extension | Critical | | *Workaround: No; **Public: No; Exploited: No | Remote Code Execution |
| Visual Studio | Visual Studio 2015, 2017, 2019 | Important | | *Workaround: No; **Public: No; Exploited: No | Denial of Service; Elevation of Privilege; Remote Code Execution |
| SQL Server | SQL Server 2012, 2014, 2016, 2017, 2019 | Important | CVE-2021-1636 | *Workaround: No; **Public: No; Exploited: No | Elevation of Privilege |
| Malware Protection Engine | Security Essentials; System Center 2012, Endpoint Protection; Defender | Critical | CVE-2021-1647 | *Workaround: No; **Public: No; Exploited: Yes | Remote Code Execution |
| .NET Repository | .NET 4.6.0 - 4.10.2 | Important | CVE-2021-1725 | *Workaround: No; **Public: No; Exploited: No | Information Disclosure |
| ASP .NET | ASP.NET Core 3.1, 5.0 | Important | CVE-2021-1723 | *Workaround: No; **Public: No; Exploited: No | Denial of Service |
| Azure | Azure Kubernetes Service | Important | CVE-2021-1677 | *Workaround: No; **Public: No; Exploited: No | Spoofing |