IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Weekly threat roundup: Microsoft Defender, Adobe, Mimecast

Pulling together the most dangerous and pressing flaws that businesses need to patch

Patch management is far easier said than done, and security teams may often be forced into prioritising fixes for several business-critical systems, all released at once. It’s become typical, for example, to expect dozens of patches to be released on Microsoft’s Patch Tuesday, with other vendors also routinely getting in on the act.

Below, IT Pro has collated the most pressing disclosures from the last seven days, including details such as a summary of the exploit mechanism, and whether the vulnerability is being exploited in the wild. This is in order to give teams a sense of which bugs and flaws might pose the most dangerous immediate security risks.

Microsoft Defender under active exploitation

Microsoft has fixed a serious zero-day remote access vulnerability in its Defender antivirus platform as part of its first Patch Tuesday round of bug fixes for 2021.

The vulnerability, tracked as CVE-2021-1647, is a remote code execution bug which hackers used to embed code on devices with Microsoft Defender installed, by tricking victims into opening a malicious document.

This was part of 83 bug fixes released this week across a range of Microsoft products, including Windows, Azure and other services. The tech giant also released a patch for a flaw in the Windows splwow64 services. This bug, tracked as CVE-2021-1648, could be exploited to escalate privileges.

Seven Adobe products receive Patch Tuesday treatment

Adobe Photoshop, Illustrator, InCopy, Animate, Bridge, Captivate and Campaign Classic all received eight security fixes this week as part of the company’s own round of Patch Tuesday updates.

All vulnerabilities were rated ‘critical’ apart from a privilege escalation flaw in Adobe Captivate 2019, which was deemed ‘important’. The flaws in Photoshop, Illustrator, InCopy, Animate, and two in Bridge, could all be exploited for arbitrary code execution.

The final bug, affecting Adobe Campaign Classic, is tracked as CVE-2021-21009, and can be exploited for the purposes of sensitive information disclosure.

SaferVPN flaw allows privilege escalation on Windows

The popular virtual private network (VPN) service SaferVPN is embedded with a flaw that could be exploited by hackers to escalate privileges on a victim’s Windows machine and run a malicious file.

In a Medium post, a security researcher known as nmht3t claimed he was publishing the details behind the vulnerability, as well as a proof-of-concept because SaferVPN hadn’t fixed it 90 days following disclosure.

Because low-privileged users are allowed to create folders under the C:\ drive, it’s possible for somebody to create an appropriate file path and place within it a malicious file. Once the VPN service starts, the file will load a malicious OpenSSL engine library, and allow result in arbitrary code execution on the system.

The flaw affects SaferVPN for Windows versions through to the latest iteration, version, released on 12 January - there’s currently no patch available for this flaw.

Zero-days used to load websites with malware

Four now-patched zero-day vulnerabilities in Chrome have been flagged by Google’s Project Zero security research team as having been under active exploitation by cyber criminals during 2020.

These Google Chrome flaws were tracked as CVE-2020-6418, CVE-2020-0938, CVE-2020-1020, and CVE-2020-1027. The attack itself was revealed to researchers as part of an initiative aimed at researching new ways to detect zero-day exploits in the wild.

The bugs were exploited through watering-hole attacks, which involved “highly sophisticated” attackers compromising frequently-visited websites and loading them with malicious code that installs malware on victims’ devices. The hackers targeted both Android and Windows users with the compromised sites by deploying two exploit servers, before fixes were released in February and April 2020.

Mimecast admits hackers access Microsoft accounts

Cyber criminals violated a small number of Mimecast customers’ Microsoft 365 accounts after they obtained one of the firm’s digital certificates and abused it to gain access to their user accounts.

Roughly 10% of customers use the connection involving this certificate, with no more than nine customers believed to be affected by the breach. Nevertheless, the incident represents a huge worry in light of the recent attack against SolarWinds.

As a precaution, Mimecast has asked the customers who use the affected certificate to immediately delete the existing connection within their Microsft 365 tenant, and re-establish a new certificate-based connection.

Featured Resources

Activation playbook: Deliver data that powers impactful, game-changing campaigns

Bringing together data and technology to drive better business outcomes

Free Download

In unpredictable times, a data strategy is key

Data processes are crucial to guide decisions and drive business growth

Free Download

Achieving resiliency with Everything-as-a-Service (XAAS)

Transforming the enterprise IT landscape

Free Download

What is contextual analytics?

Creating more customer value in HR software applications

Free Download


What is hacktivism?

What is hacktivism?

27 May 2022
Mastering endpoint security implementation

Mastering endpoint security implementation

18 May 2022
The Total Economic Impact™ of Apple Mac in Enterprise: M1 update

The Total Economic Impact™ of Apple Mac in Enterprise: M1 update

12 May 2022
Dell Technologies World 2022: Dell unveils fastest storage architecture in company history
Server & storage

Dell Technologies World 2022: Dell unveils fastest storage architecture in company history

4 May 2022

Most Popular

16 ways to speed up your laptop

16 ways to speed up your laptop

13 May 2022
Europe's first autonomous petrol station opens in Lisbon

Europe's first autonomous petrol station opens in Lisbon

23 May 2022
Linux-based Cheerscrypt ransomware found targeting VMware ESXi servers

Linux-based Cheerscrypt ransomware found targeting VMware ESXi servers

26 May 2022