
Tackling Microsoft Defender Remote Code Execution Vulnerability


Microsoft rolled out its monthly set of security updates. The bundle of security patches included fixes for 83 vulnerabilities across the Windows operating system, enterprise servers, development tools, and various cloud products and services. Ten of these were rated critical, and one of the most important was the fix for the Microsoft Defender Remote Code Execution Vulnerability – a zero-day vulnerability that Microsoft said was exploited in the wild before the patch was released.

What Is Microsoft Defender CVE-2021-1647 Vulnerability?

The vulnerability labeled CVE-2021-1647 affects the Malware Protection Engine component (mpengine.dll) of the Microsoft Defender antivirus program. Microsoft described it as a Remote Code Execution (RCE) vulnerability, through which malicious actors could potentially execute code on some of the devices where the vulnerable Windows Defender antivirus was installed. A zero-day vulnerability is one that is already being exploited before it can be reported or fixed. Details about the exploits for this particular zero-day are still scarce, but Microsoft stated that CVE-2021-1647 had already been discovered in the wild before the patch was released, and it reassured the public that the exploitation was only at the proof-of-concept stage. A proof-of-concept exploit is a demonstration that shows a system’s weakness exists rather than an attack meant to cause harm, typically produced before a patch is developed. Microsoft has yet to report whether the situation has escalated.

Microsoft’s Recommendations to Windows Users

The vulnerability affects Microsoft Malware Protection Engine version 1.1.17600.5 and was addressed in the later version, 1.1.17700.4. Redmond’s advisory informed Windows users that they don’t need to take any action to prevent a CVE-2021-1647 exploit, stating that the security update would install automatically on devices running the vulnerable Malware Protection Engine. Microsoft automatically updates the engine and anti-malware definitions in Windows Defender for both enterprise and end-user systems, at least on those that have the “Automatic Windows Update” option enabled. To be safe, however, you can check the Malware Protection Engine version on your system and update it manually if it is not the patched version. Follow Microsoft’s guide to do this.
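The version check described above, written as an added PowerShell example rather than code from Microsoft’s guide or from Action1: it reads the engine version through the built-in Defender module, compares it with the fixed version named on this page, and requests an update when the engine is older. It assumes the Defender cmdlets (Get-MpComputerStatus, Update-MpSignature) are present, which is the case on Windows 10 and Windows Server 2016 or later.

```powershell
# Added example: verify the local Malware Protection Engine is at or above
# the version that fixes CVE-2021-1647 and trigger an update if it is not.
# Assumes the Defender PowerShell module is available on this host.

# Engine version the advisory names as fixed (value taken from the post).
$FixedEngine = [version]'1.1.17700.4'

function Test-MpEngineVersion {
    param([Parameter(Mandatory)][version]$Minimum)
    $status = Get-MpComputerStatus
    # AMEngineVersion is a string such as "1.1.17700.4"; cast it so that
    # the comparison is numeric per component rather than lexical.
    $engine = [version]$status.AMEngineVersion
    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        EngineVersion = $engine
        Patched       = ($engine -ge $Minimum)
        LastUpdate    = $status.AntivirusSignatureLastUpdated
    }
}

$result = Test-MpEngineVersion -Minimum $FixedEngine
$result | Format-List

if (-not $result.Patched) {
    Write-Warning "Engine $($result.EngineVersion) is older than $FixedEngine; requesting update."
    # Pulls the latest engine and definitions from the configured update source.
    Update-MpSignature
    # Re-check so the operator sees whether the update actually landed.
    Test-MpEngineVersion -Minimum $FixedEngine | Format-List
}
```

Wrapping the function call in Invoke-Command against a list of hosts extends the same check to a fleet, which is the manual form of the inventory step that a patch management tool automates.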

The Risks of Zero-Day Vulnerabilities

By definition, zero-day threats and exploits are very difficult to detect and guard against – that’s why they are so dangerous. In most cases, these vulnerabilities only become apparent after attackers exploit them, and even then, the exploitation can stay hidden. Software developers and vendors normally use a combination of sophisticated methods to detect vulnerabilities in their systems, such as statistical, signature-based, and behavior-based detection – with varying success. The bottom line is that it’s nearly impossible to prevent zero-day attacks. Furthermore, as an end user you have limited control over deep-level security configurations, so you cannot do much anyway. The best you can hope for is that the vendor releases critical security patches in time, before malicious actors victimize your organization by exploiting unknown system vulnerabilities. Software vendors often release urgent patches to seal off zero-day vulnerabilities as soon as they become aware of them – as in the case of CVE-2021-1647. As a software user, you also have to play your part and install the recommended fixes or updates when they become available. Keeping up with dangerous zero-day vulnerabilities and highly time-sensitive countermeasures can be a tall order for any enterprise IT team. That’s where automated patch management comes in.

What Is Automated Patch Management?

In general, patch management involves identifying which patches particular systems require and ensuring they are installed correctly and on time. Doing this manually in a corporate environment with hundreds of devices is painstakingly tedious, if not impossible. An automated patch management system is a cloud-based tool that delivers all the necessary OS and application patches, fixes, and updates to all systems and endpoints through a centralized patch server. It works through a simple network-enabled service: patch management agents (clients) installed on the target workstations, devices, or servers connect to the central patch management server, where all patches are stored and kept current. The client- and server-side components communicate to decide when and where to install updates. These systems also alert users when new patches are being installed and automatically retry failed installations several times before reporting an incompatibility.

The benefits of automated patch management

Manually installing individual patches across a corporate network is not a practical way to keep IT systems up to date. An automated patch management system does much more than save you the trouble of manual patching.
    • All-round real-time patching: Automated patch managers run in the cloud, which means you can access patching services from anywhere, provided you have an internet connection and your device can run the patch management client. It doesn’t matter how many endpoint devices or servers your company runs or how they’re distributed – new patches will still reach them all the moment they become available. In fact, remote and on-site systems are always updated simultaneously.
    • Comprehensive scanning and patch matching: An automated patch manager comes with scanning capabilities that examine every nook and cranny of the network for missing patches and outdated components. The system also continuously updates its patch inventory by linking to the software vendor’s update release pipeline. A robust patch manager can scan the network and its own repository many times a day for software and even hardware changes on both the user’s and the vendor’s side.
    • Improved security and compliance: One of the main reasons software vendors release patches and newer versions of software is to fix security loopholes and bugs. So, patching applications and operating systems on time is a critical practice for maintaining security. Setting up an automated patch manager also helps your business maintain compliance with data protection and privacy standards.
    • Streamlined IT security processes: Automation is the hallmark of workplace and IT efficiency. The more IT processes you can automate, the easier and more efficient your enterprise operations become. Automated patching frees your IT team from the menial task of installing updates so it can concentrate on more important functions. It also minimizes human intervention and error in managing critical parts of the IT infrastructure.

Never Miss an Update with Action1 Patch Management Solution

New patches and feature updates present opportunities to improve your IT performance and safeguard your digital assets against internal and external threats. It’s up to you to ensure that these patches are installed correctly and promptly so as not to compromise your IT security posture and efficiency.

With the Action1 patch management solution, you never have to worry about patches or other updates on your Windows systems. Action1 automates the patching of Windows OS and feature updates while giving you real-time control and visibility into the updates already installed and those that are missing. Our patch manager reinforces your endpoint security by automatically scanning for and deploying all the necessary Windows updates as soon as they’re released.

Get your Action1 free trial today and sample the freedom, peace of mind, convenience, and reassurance of protecting your software infrastructure using the most robust and dependable automated patch management solution.

January 21, 2021
