Action1 5 Blog 5 Tackling Microsoft Defender Remote Code Execution Vulnerability

Tackling Microsoft Defender Remote Code Execution Vulnerability

January 21, 2021

By Branden Lee

Microsoft rolled out its monthly set of security updates. The security patches bundle included fixes for 83 vulnerabilities on Windows operating system, enterprise servers, development tools, and various cloud products and services.

Among these patches, ten were described as critical, and one of the most important patches was the fix for Microsoft Defender Remote Code Execution Vulnerability a zero-day vulnerability that Microsoft said was exploited in the wild before the patch was released.

What Is Microsoft Defender CVE-2021-1647 Vulnerability?

The vulnerability labeled CVE-2021-1647 affects the Malware Protection Engine component (mpengine.dll) in the Microsoft Defender antivirus program. Microsoft described the vulnerability as a Remote Code Execution (RCE), through which malicious actors could potentially execute code on some devices where the vulnerable Windows Defender antivirus was installed.

A zero-day vulnerability refers to a vulnerability that has already been exploited before it can be reported or fixed. Details about these particular zero-day vulnerability exploits are still scarce. But Microsoft stated that CVE-2021-1647 had already been discovered in the wild before the patch was released, and it reassured the public that the vulnerability was only in the proof-of-concept stage.

A proof-of-concept exploit is a non-harmful attack meant to show a system’s weakness before a patch is developed. Microsoft is yet to report if the situation escalates.

Microsoft’s Recommendations to Windows Users

The vulnerability affects Microsoft Malware Protection Engine version 1.1.17600.5 and was addressed in the later version, 1.1.17700.4. Redmond’s advisory informed Windows users that they don’t need to take any action to prevent a CVE-2021-1647 exploit, stating that security updates would automatically install on devices running the vulnerable Malware Protection Engine.

Microsoft automatically updates the security and anti-malware definitions on Windows Defender for both enterprise and end-user systems, at least those that have the “Automatic Windows Update” option enabled. But just to be safe, you can check the Malware Protection Engine version on your system and manually update it if it’s not the current patched version. Follow Microsoft’s guide to do this.

The Risks of Zero-Day Vulnerabilities

By definition, zero-day threats and exploits are very difficult to detect and guard against that’s why they are so dangerous. In most cases, these vulnerabilities only become apparent after hackers exploit them, and even then, they can still stay hidden. Software developers and vendors normally use a combination of sophisticated methods to detect vulnerabilities in their systems, such as statistics, signature, and behavior-based detection systems with varying success.

The bottom line is, it’s nearly impossible to prevent zero-day attacks. Furthermore, you have limited control over deep-level security configurations as an end-user, so you cannot do much anyway.

The best you can hope for is that the vendor releases critical security patches in time before malicious actors victimize your organization by exploiting unknown system vulnerabilities.

Software vendors often release urgent patches to seal off zero-day vulnerabilities as soon they become aware of them like in the case of CVE-2021-1647. As a software user, you also have to play your part and install the recommended fixes or updates when they become available. Keeping up with dangerous zero-day vulnerabilities and highly time-sensitive countermeasures can be a tall order for any enterprise IT team. That’s where automated patch management comes in.

What Is Automated Patch Management?

In general, patch management involves identifying and deciding the latest patches required in particular systems and ensuring they are installed correctly and timely. Doing this manually in a corporate environment with hundreds of devices is painstakingly tedious, if not impossible.

An automatic patch management system is a cloud-based tool that delivers all the necessary OS and application patches, fixes, and updates to all systems and endpoints through a centralized patch server. It works through a simple network-enabled service.

Patching management agents or clients installed on the target workstations, devices, or servers connect with the central patch management server where all patches are stored and updated. The client and server-side tools communicate to decide when and where to install updates. These systems also alert users when installing new patches and automatically retry failed installation several times before reporting incompatibility.

The benefits of automated patch management

Manually installing individual patches across a corporate network is not a practical solution to keeping IT systems up to date. An automated patch management system does so much more than save you the trouble of manual patching.

    • All-round real-time patching
      Automated patch managers run on the cloud; that means you can access patching services from anywhere, provided you have an internet connection and your device can run the client patch manager. It doesn’t matter how many endpoint devices or servers your company runs or how they’re distributed new patches will still get to them all the moment they become available. In fact, both remote and on-site systems are always updated simultaneously.

 

    • Comprehensive scanning and patch matching
      An automated patch manager comes with scanning capabilities that examine every nook and cranny of the network for missing patches and outdated features. The system also continuously updates its patch inventory by linking to the software vendor’s updates release pipeline. A robust patch manager can scan the network and its own repository many times a day for software and even hardware changes on both the user’s and vendor’s side.

 

    • Improved security and compliance
      One of the main reasons software vendors release patches and newer versions of software is to fix security loopholes and bugs. So, patching software applications and operating systems on time is a critical practice for conserving cybersecurity. Setting up an automated patch manager also helps your business maintain compliance with data protection and privacy standards.

 

  • Streamlines IT security processes
    Automation is the hallmark of the workplace and IT efficiency. The more IT processes you can automate, the easier and more efficient your enterprise operations become. Automated patching frees your IT team from the menial tasks of installing updates to concentrate on other more important functions. Plus, it also minimizes human interferences and errors in managing critical aspects of the IT infrastructure.

Never Miss an Update with Action1 Patch Management Solution

New patches and features updates present opportunities to improve your IT performance and safeguard your digital assets against internal and external threats. It’s up to you to ensure that these patches are installed correctly and promptly to avoid compromising your IT security posture and efficiency.

With the Action1 patch management solution, you never have to worry about patches or other updates on your Windows systems. Action1 enables automated patching on Windows OS and features while allowing real-time control and visibility into the updates already installed and those that are missing. Our patch manager reinforces your endpoint security by automatically scanning and deploying all the necessary Windows updates as soon as they’re released.

Get started today and sample the freedom, peace of mind, convenience, and reassurance of protecting your software infrastructure using the most robust and dependable automated patch management solution.

Need Help Managing Remote Endpoints?

Subscribe for tips, news and more exclusive resources.

Related Posts