Microsoft emits 83 security fixes – and miscreants are already exploiting one of the vulns in Windows Defender

Microsoft emits 83 security fixes – and miscreants are already exploiting one of the vulns in Windows Defender

Patch Tuesday Microsoft on Tuesday released updates addressing 83 vulnerabilities in its software, which doesn't include the 13 flaws fixed in its Edge browser last week.


That's up from 58 repairs made in December, 2020, a relatively light month by recent standards.

Affected applications include: Microsoft Windows, Microsoft Edge (EdgeHTML-based), Microsoft Office and Microsoft Office Services and Web Apps, Microsoft Windows Codecs Library, Visual Studio, SQL Server, Microsoft Malware Protection Engine, .NET Core, .NET Repository, ASP .NET, and Azure.


In the current crop of 83, 10 vulnerabilities are critical and 73 are rated important. One of these bugs (CVE-2021-1648) is publicly known, according to Microsoft, while another, a remote-code execution hole (CVE-2021-1647) in the Windows Defender security system, is actively being exploited.


CVE-2021-1647 is a Microsoft Defender remote code execution (RCE) vulnerability. In a blog post, Zero Day Initiative's Dustin Childs speculates that the flaw, which for some may already have been patched automatically, could have played a role in the SolarWinds fiasco.


Patch Tuesday brings bug fixes for OpenSSL, IBM, SAP, Kubernetes, Adobe, and Red Hat. And Microsoft, of course


microsoft emits security fixes miscreants already exploiting vulns windows defender