Critical Microsoft Defender Vulnerability (CVE-2021-1647)

Microsoft’s Patch Tuesday monthly security patches includes a critical patch for Microsoft’s Defender antivirus, which was reportedly exploited prior to this patch being release. Exploitation of this vulnerability will allow an attacker to execute malicious code on vulnerable devices, where Defender is installed.

Details at a glance: CVE-2021-1647

• This vulnerability has been exploited in the wild.
• Low or no privileges are required for attack success.
• User interaction is not required.
• There is a critical impact to confidentiality, availability, and integrity of exploited systems.

Mitigation Guidance

1. Details of exploitation are extremely sparse while Microsoft’s guidance did indicate exploitation, no details as of yet have been provided.
2. Microsoft reports proof of concept (POC) exploit code is reportedly available, and will likely be further developed and refined.
3. Impacted versions of windows include: Windows 7 to Windows Server 2016
4. A patch is available. Microsoft has released patches for all impacted operating systems.You should evaluate and prioritize patching critical systems. While the vector of this attack is considered “local” due to being file based, Microsoft Exchange and other public facing services should be prioritized to be patched first as they likely have the greatest exposure to exploitation.

For additional information on how to patch this vulnerability please refer to:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1647