Description:

Microsoft has released a security updates to address several vulnerabilities in the following products:

• Microsoft Windows
• Microsoft Edge (EdgeHTML-based)
• Microsoft Office and Microsoft Office Services and Web Apps
• Microsoft Windows Codecs Library
• Visual Studio
• SQL Server
• Microsoft Malware Protection Engine
• .NET Core
• .NET Repository
• ASP .NET
• Azure
• Azure Active Directory Pod Identity
• Microsoft Bluetooth Driver
• Microsoft DTV-DVD Video Decoder
• Microsoft Graphics Component
• Microsoft Office SharePoint
• Microsoft RPC
• Microsoft Windows DNS
• SQL Server
• Windows AppX Deployment Extensions
• Windows CryptoAPI
• Windows CSC Service
• Windows Diagnostic Hub
• Windows DP API
• Windows Event Logging Service
• Windows Event Tracing
• Windows Hyper-V
• Windows Installer
• Windows Kernel
• Windows Media
• Windows NTLM
• Windows Print Spooler Components
• Windows Projected File System Filter Driver
• Windows Remote Desktop
• Windows Remote Procedure Call Runtime
• Windows splwow64
• Windows TPM Device Driver
• Windows Update Stack
• Windows WalletService

Threats:

An attacker could exploit these vulnerabilities by doing the following:

• Spoofing
• Security feature bypass
• Execute arbitrary code - remotely
• Memory corruption
• Elevation of Privilege
• Unauthorized disclosure of information
• Denial of Service (DoS)

Best practice and Recommendations:

The CERT team encourages users to review Microsoft security advisory and apply the necessary updates:

• https://msrc.microsoft.com/update-guide/releaseNote/2021-Jan

Update Instructions:

• support.microsoft.com/ar-sa/help/323166/how-to-download-updates-that-include-drivers-and-hotfixes-from-the-win