Microsoft Defender Zero-Day Remote Code Execution (RCE) Vulnerability
On Tuesday, January 12th, Microsoft released a patch for an RCE vulnerability present within their antivirus solutions, Windows Defender, System Center Endpoint Protection, and Security Essentials. This vulnerability is being tracked as CVE-2021-1647. Although an exploit has not been publicly released, this vulnerability is actively being exploited in the wild. Exploitation does not require any user interaction, and either low level or no credentials are required for exploitation. Please ensure that your Microsoft Malware Protection Engine software is using 1.1.17700.4 or later. Often, these updates occur automatically, however if manual updating is required, please see https://support.microsoft.com/en-us/help/2510781/microsoft-malware-protection-engine-deployment-information.
Frontline.Cloud is releasing authenticated check MS21-JAN: Microsoft Windows Security Update (143778) with release 126.96.36.199 expected on January 15th, 2021.