{"id":8715,"date":"2021-02-12T10:29:36","date_gmt":"2021-02-12T17:29:36","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?post_type=patch_watch&p=8715"},"modified":"2023-03-03T14:28:18","modified_gmt":"2023-03-03T21:28:18","slug":"january-2021-patch-watch-digest","status":"publish","type":"patch_watch","link":"https:\/\/10.42.32.162\/patch_watch\/january-2021-patch-watch-digest\/","title":{"rendered":"January 2021: Patch Watch Digest"},"content":{"rendered":"
<ul>\n
<li>20 vendors released security updates for 1086 vulnerabilities. 18 CVEs had publicly known exploits.<\/li>\n
<li>49 of the patched vulnerabilities featured in CISA alerts.<\/li>\n
<li>669 old vulnerabilities have been patched.<\/li>\n
<li>Microsoft put out patches for 83 vulnerabilities.<\/li>\n
<li>Oracle rolled out security patches for 329 vulnerabilities.<\/li>\n
<\/ul>\n
<h2>Weaponized Vulnerabilities<\/h2>\n
<p>18 vulnerabilities have publicly known exploits: 6 CVEs are rated critical, 7 high, and 5 medium. Here is our analysis:<\/p>\n
<ul>\n
<li>2 CVEs are linked with 3 ransomware families.<\/li>\n
<li>2 CVEs are associated with APT groups.<\/li>\n
<li>6 CVEs are associated with RCE bugs.<\/li>\n
<li>CISA issued alerts for 2 CVEs.<\/li>\n
<li>5 CVEs have webapp exploits.<\/li>\n
<li>3 CVEs are associated with Denial of Service.<\/li>\n
<li>3 CVEs have local exploits.<\/li>\n
<\/ul>\n
<h2>Microsoft Patches for January 2021<\/h2>\n
<p>Microsoft released security patches for 83 vulnerabilities.<\/p>\n
<ul>\n
<li>10 CVEs are rated critical and 73 are high.<\/li>\n
<li>CVE-2021-1647 is a zero-day vulnerability with RCE capabilities.<\/li>\n
<li>This vulnerability existed within the Microsoft Malware Protection Engine version 1.1.17700.4 or later, a core component of Microsoft Defender that addresses malicious software.<\/li>\n
<li>Microsoft also patched a publicly disclosed Microsoft splwow64 Elevation of Privilege vulnerability tracked as CVE-2021-1648, which was previously disclosed by Google Project Zero in September 2020 under CVE-2020-0986.<\/li>\n
<\/ul>\n
<h2>Oracle Patches for January 2021<\/h2>\n
<p>Oracle rolled out security patches for 329 vulnerabilities.<\/p>\n
<ul>\n
<li>The January 2021 Critical Patch Update fixes included CVE-2020-14750, an exploited vulnerability in WebLogic Server, which Oracle addressed with the release of an out-of-band update.<\/li>\n
<li>4 CVEs have known exploits.<\/li>\n
<li>48 CVEs are rated critical and 131 are high.<\/li>\n
<\/ul>\n