Microsoft has just released its January Patch Tuesday update, which, as usual, brings plenty of bug fixes. This time Redmond resolved a total of 83 vulnerabilities in Windows and other products such as enterprise servers, development tools and cloud services. The update is identified as KB4598242 and can be downloaded from Windows Update.
Fixing a zero-day vulnerability in Microsoft Defender
Among all these fixes, the patch for a zero-day vulnerability in Microsoft Defender, the Windows 10 antivirus, stands out. This vulnerability, identified as CVE-2021-1647, allowed remote code execution after tricking the user into opening a malicious document on a computer with Defender installed.
To prevent future attacks, Microsoft has released security fixes for its malware protection engine. These fixes will be installed automatically, unless your system administrator has specified otherwise.
End-to-end security issue in the splwow64 service
In addition to the zero-day patch, Microsoft fixed a security issue in the Windows splwow64 service. This flaw could be exploited by attackers to achieve elevation of privilege.
This issue was assigned the identifier CVE-2021-1648 when it was identified on December 15. Although its details were released at the time, according to Redmond it has yet to be exploited. In any case, system administrators are advised to update their machines to KB4598242 to avoid future attacks based on these vulnerabilities.
Other fixes in update KB4598242
A number of issues present since version 2004 of Windows 10 have been fixed. They are detailed below:
A security issue with HTTPS-based intranet servers has been resolved. After you install this update, these servers cannot, by default, use a user proxy to detect updates. Scans using these servers will fail if you have not configured a system proxy for clients. If you need to use a user proxy, you will need to configure the behavior of the user proxy using the “Allow the use of user proxy if detection of a system proxy fails” policy. To ensure a higher level of security, use the Windows Server Update Services (WSUS) Transport Layer Security (TLS) certificate.
Fixed a security bypass vulnerability that occurs in the way RPC handles authentication for the Winspool remote interface.
Security updates for Windows, Windows Media, Windows Fundamentals, Windows Kernel, Windows Cryptography, Windows Virtualization, Windows Peripherals, and Windows Hybrid Storage Services platforms and frameworks.
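The WSUS proxy change described above can be checked on a client before scans start failing. The following PowerShell is an added example, not code from Microsoft or from the original article; the function name and output fields are hypothetical, and it assumes English-language netsh output and the standard Windows Update policy registry values.

```powershell
# Added example: audit a WSUS client for the proxy behaviour change in KB4598242.
# Function name and output shape are hypothetical; run from an elevated prompt.
function Test-WsusScanReadiness {
    $wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $wu = Get-ItemProperty -Path $wuKey -ErrorAction SilentlyContinue
    $au = Get-ItemProperty -Path "$wuKey\AU" -ErrorAction SilentlyContinue

    # Get-HotFix lists this KB only while it is the newest cumulative update;
    # a later cumulative update supersedes it and carries the same change.
    $kb = Get-HotFix -Id 'KB4598242' -ErrorAction SilentlyContinue

    $usesWsus  = ($au.UseWUServer -eq 1) -and [bool]$wu.WUServer
    $httpsWsus = $usesWsus -and ($wu.WUServer -like 'https://*')

    # 1 = "Allow the use of user proxy if detection of a system proxy fails"
    $userProxyFallback = ($wu.SetProxyBehaviorForUpdateDetection -eq 1)

    # WinHTTP holds the system proxy. Assumption: English output, where
    # "Direct access" means no system proxy is configured.
    $winhttp = (netsh winhttp show proxy) -join "`n"
    $systemProxy = $winhttp -notmatch 'Direct access'

    $finding = if (-not $usesWsus) {
        'Client does not scan against an intranet WSUS server; change does not apply.'
    } elseif (-not $httpsWsus) {
        'WSUS URL is not HTTPS; the article recommends TLS for WSUS.'
    } elseif ($systemProxy) {
        'System proxy configured; scans do not depend on a user proxy.'
    } elseif ($userProxyFallback) {
        'No system proxy; fallback policy enabled, scans may use the user proxy.'
    } else {
        'No system proxy and no fallback policy; scans fail if a proxy is required.'
    }

    [pscustomobject]@{
        KB4598242Listed   = [bool]$kb
        WsusUrl           = $wu.WUServer
        HttpsWsus         = $httpsWsus
        SystemProxySet    = $systemProxy
        UserProxyFallback = $userProxyFallback
        Finding           = $finding
    }
}

Test-WsusScanReadiness | Format-List
```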