This month's Microsoft Patch Tuesday addresses 50 vulnerabilities. The 10 Critical vulnerabilities cover Windows codecs, Office, HEVC video extensions, RPC runtime, and several other workstation vulnerabilities. Adobe released patches today for Photoshop, Campaign Classic, InCopy, Illustrator, Captivate, Bridge and Animate.
Workstation Patches
Office and Edge vulnerabilities should be prioritized for workstation-type devices, meaning any system that is used to access email or to access the internet via a browser. This includes multi-user servers that are used as remote desktops for users.
Microsoft Defender RCE Zero Day
Microsoft patched a Defender remote code execution vulnerability (CVE-2021-1647) in today's patch release for the Microsoft Malware Protection Engine. Microsoft stated that this vulnerability was exploited before the patches were made available. This patch should be prioritized.
splwow64 Elevation of Privilege
While Microsoft labeled this issue (CVE-2021-1648) as an elevation-of-privilege vulnerability, it can also be exploited to disclose information, specifically uninitialized memory. Microsoft stated the vulnerability has not been exploited in the wild, although details are available publicly.
Adobe
Adobe issued patches today covering multiple vulnerabilities in Adobe Photoshop, Illustrator, Animate, Campaign, InCopy, Captivate and Bridge. The patches for Adobe Campaign are labeled as Priority 2, while the remaining patches are set to Priority 3.
While none of the vulnerabilities disclosed in Adobe's release are known to be actively attacked today, all patches should be prioritized on systems with these products installed.
About Patch Tuesday
Patch Tuesday QIDs are published at Security Alerts, typically late in the evening of Patch Tuesday.
Disclaimer
Qualys Inc. published this content on 12 January 2021 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 12 January 2021 20:05:01 UTC