Various patches have been released for Windows, Edge Browser, Microsoft Office and Microsoft Office Services and Web Apps, Microsoft Windows Codecs Library, Visual Studio, SQL Server, Microsoft Malware Protection Engine, .NET Core, .NET Repository, ASP .NET, and Azure.
The biggest issue this month is undoubtedly a zero-day vulnerability in Microsoft Defender antivirus that hackers have already exploited. This bug was identified as CVE-2021-1647 and is described as an RCE [...]
Although it is not available to ordinary users and the full version is priced at about $3,500 per install, attackers still find ways to use it (for example, relying on old, pirated, jailbroken [...]
As a result, security solutions can be used for file manipulation attacks, and malware can gain elevated rights in the system.
Errors of this kind have been found in products from Kaspersky, McAfee, Symantec, Fortinet, Check Point, Trend Micro, Avira, and Microsoft Defender.
Currently, developers have already fixed all the problems, and the identifiers assigned to them can be seen below (Avast and F-Secure solutions are still awaiting CVE [...]
We reported some time ago how Microsoft, for unclear reasons, covertly added the ability to download files using Microsoft Defender.
Following this, the cybersecurity research community expressed concern that Microsoft now allows Windows 10 antivirus to be used as LOLBINs (legitimate OS files that can be used for malicious purposes).
“With this new feature, Microsoft Defender is now part of the long list of Windows programs that can be abused by local attackers”, – wrote BleepingComputer [...]