Today’s VERT Alert addresses Microsoft’s January 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-922 on Wednesday, January 13th.
In-The-Wild & Disclosed CVEs
CVE-2021-1647
A vulnerability in the Microsoft Malware Protection Engine (MMPE) is currently seeing active exploitation. Since the MMPE is updated regularly with malware definitions, your products have likely already updated. If you want to be certain, check to see that your MMPE version is 1.1.17700.4 or later. If you have a lower version, you should force a manual software update.
Microsoft has rated this as Exploit Detected on the latest software release on the Exploitability Index.
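The version check described above can be scripted on a Windows host. This is an added example, not VERT or Microsoft code; it assumes the built-in Defender PowerShell module (`Get-MpComputerStatus`, `Update-MpSignature`) is available and that the configured update source delivers the engine together with definitions. `Test-MmpeVersion` is a hypothetical helper name.

```powershell
# Added example: compare the Defender engine (MMPE) version with the fixed
# version named in this alert, and request an update if it is older.
$MinEngine = [version]'1.1.17700.4'   # minimum MMPE version per this alert

function Test-MmpeVersion {
    # Hypothetical helper: returns $true when the engine is at or above $Minimum.
    param(
        [Parameter(Mandatory)][string]$EngineVersion,
        [version]$Minimum = $MinEngine
    )
    # Parse as [version] so each field compares numerically. A plain string
    # compare would rank '1.1.9000.0' above '1.1.17700.4'.
    $parsed = $null
    if (-not [version]::TryParse($EngineVersion, [ref]$parsed)) {
        throw "Unparseable engine version: '$EngineVersion'"
    }
    return $parsed -ge $Minimum
}

try {
    $status = Get-MpComputerStatus -ErrorAction Stop
} catch {
    # Defender module missing or service not running: nothing to compare.
    Write-Warning "Could not query Defender status: $($_.Exception.Message)"
    return
}

if (Test-MmpeVersion -EngineVersion $status.AMEngineVersion) {
    Write-Output "OK: engine $($status.AMEngineVersion) is at or above $MinEngine"
} else {
    Write-Warning "Engine $($status.AMEngineVersion) is below $MinEngine; requesting update"
    Update-MpSignature -ErrorAction Stop

    # Re-read the version instead of assuming the update raised it.
    $after = (Get-MpComputerStatus).AMEngineVersion
    if (Test-MmpeVersion -EngineVersion $after) {
        Write-Output "Updated: engine is now $after"
    } else {
        Write-Warning "Engine is still $after after the update; check the update source"
    }
}
```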
CVE-2021-1648
This CVE is a little tricky: it is the vulnerability that Google Project Zero and ZDI disclosed in December, which was publicly referred to as CVE-2020-17008 at the time. Please note that the CVE from December does not match the CVE issued today. Microsoft has made the unprecedented move of changing the existing CVE to match the year the patch was released. To assist our customers in identifying this vulnerability and ensuring all systems are patched, we have associated both CVEs with our detection logic for this vulnerability. We believe this may cause confusion in the patching process, and we highly recommend sharing this information across your organization.
Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per-tag basis.

Tag | CVE Count | CVEs |
--- | --- | --- |
Windows Hyper-V | 3 | CVE-2021-1691, CVE-2021-1692, CVE-2021-1704 |
Windows WalletService | 4 | CVE-2021-1681, CVE-2021-1686, CVE-2021-1687, CVE-2021-1690 |
Microsoft Windows | 8 | CVE-2021-1657, CVE-2021-1676, CVE-2021-1689, CVE-2021-1650, CVE-2021-1649, CVE-2021-1646, CVE-2021-1699, CVE-2021-1706 |
Microsoft Malware Protection Engine | 1 | CVE-2021-1647 |
Windows Media | 1 | CVE-2021-1710 |
Windows Installer | 2 | CVE-2021-1661, CVE-2021-1697 |
Visual Studio | 1 | CVE-2020-26870 |
Windows Projected File System Filter Driver | 3 | CVE-2021-1663, CVE-2021-1670, CVE-2021-1672 |
Microsoft DTV-DVD Video Decoder | 1 | CVE-2021-1668 |
Microsoft Bluetooth Driver | 3 | CVE-2021-1683, CVE-2021-1684, CVE-2021-1638 |
Microsoft Windows Codecs Library | 2 | CVE-2021-1644, CVE-2021-1643 |
Azure Active Directory Pod Identity | 1 | CVE-2021-1677 |
SQL Server | 1 | CVE-2021-1636 |
Windows CryptoAPI | 1 | CVE-2021-1679 |
Microsoft Graphics Component | 4 | CVE-2021-1665, CVE-2021-1696, CVE-2021-1708, CVE-2021-1709 |
Windows Event Tracing | 1 | CVE-2021-1662 |
Windows Kernel | 1 | CVE-2021-1682 |
Microsoft Office SharePoint | 6 | CVE-2021-1641, CVE-2021-1707, CVE-2021-1712, CVE-2021-1718, CVE-2021-1717, CVE-2021-1719 |
Microsoft Office | 5 | CVE-2021-1711, CVE-2021-1713, CVE-2021-1714, CVE-2021-1715, CVE-2021-1716 |
Windows Remote Procedure Call Runtime | 9 | CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701 |
Windows Remote Desktop | 2 | CVE-2021-1669, CVE-2021-1674 |
Windows NTLM | 1 | CVE-2021-1678 |
Windows AppX Deployment Extensions | 2 | CVE-2021-1642, CVE-2021-1685 |
.NET Repository | 1 | CVE-2021-1725 |
Windows Diagnostic Hub | 2 | CVE-2021-1651, CVE-2021-1680 |
Microsoft RPC | 1 | CVE-2021-1702 |
Microsoft Edge (HTML-based) | 1 | CVE-2021-1705 |
ASP.NET core & .NET core | 1 | CVE-2021-1723 |
Windows Event Logging Service | 1 | CVE-2021-1703 |
Windows DP API | 1 | CVE-2021-1645 |
Windows TPM Device Driver | 1 | CVE-2021-1656 |
Windows Update Stack | 1 | CVE-2021-1694 |
Windows Print Spooler Components | 1 | CVE-2021-1695 |
Microsoft Windows DNS | 1 | CVE-2021-1637 |
Windows splwow64 | 1 | CVE-2021-1648 |
Windows CSC Service | 7 | CVE-2021-1652, CVE-2021-1653, CVE-2021-1654, CVE-2021-1655, CVE-2021-1659, CVE-2021-1688, CVE-2021-1693 |
Other Information
There were no advisories included in the January security guidance.