Windows 10 received yet another update package on Tuesday (12). The update fixes Windows Defender’s “zero-day” flaws, dozens of code execution vulnerabilities in Microsoft 365 products, and ends an exploit that allowed users to elevate their privileges to run malicious code as an administrator.
In total, 83 bugs and vulnerabilities were fixed in various products in the Microsoft ecosystem – including flaws in the operating system itself. One of the most notable changes was the correction of the flaw known to the company as “CVE-2021-1647”; before the patch, the fix made it possible to execute code remotely (a process known as “RCE”), which could lead users to access malicious files and, consequently, have their machine and files compromised.
Although it is software that is enabled natively on Windows 10 machines, the loophole did not apply in all cases and this reduced the severity of the problem. Still, it is important to update the machine to avoid further problems. In parallel, Windows Defender receives additions to protect against malware.
Another important fix was in the Exploit EoP of the “splwow64” service, within the Windows 10 system. By exploiting it, the attacker could elevate the privilege of users inside the machine and execute malicious code as an administrator.
In this case, the flaw was identified by Microsoft as “CVE-2021-1648” and was made public in December last year. However, it is worth remembering that it was not exploited by criminals.
Distribution is gradual and can take a few hours or days to reach your machine. Microsoft recommends that all users update their computers as soon as possible. For a complete list of fixes, visit the official Microsoft website.