    January 12, 2021

    Critical Microsoft Defender Vulnerability (CVE-2021-1647)

    Microsoft’s monthly Patch Tuesday security release includes a critical patch for Microsoft’s Defender antivirus, addressing a vulnerability that was reportedly exploited before the patch was released. Exploitation of this vulnerability allows an attacker to execute malicious code on vulnerable devices where Defender is installed.

    Details at a glance: CVE-2021-1647

    • This vulnerability has been exploited in the wild.
    • Low or no privileges are required for attack success.
    • User interaction is not required.
    • There is a critical impact to confidentiality, availability, and integrity of exploited systems.

    Mitigation Guidance

    1. Details of exploitation are extremely sparse. While Microsoft’s guidance did indicate exploitation, no details have been provided as of yet.
    2. Microsoft reports that proof of concept (POC) exploit code is available, and it will likely be further developed and refined.
    3. Impacted versions of Windows include: Windows 7 to Windows Server 2016
    4. A patch is available. Microsoft has released patches for all impacted operating systems. You should evaluate and prioritize patching critical systems. While the vector of this attack is considered “local” due to being file based, Microsoft Exchange and other public-facing services should be patched first, as they likely have the greatest exposure to exploitation.

    For additional information on how to patch this vulnerability please refer to:
    https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1647

    Erica Mixon

    Erica is an award-winning writer, editor and journalist with over ten years of experience in the digital publishing industry. She holds a Bachelor’s degree in writing, literature and publishing from Emerson College. Her foray into technology began at TechTarget, where she provided editorial coverage on a wide variety...
