Microsoft Security Bulletin Coverage for January 2021

January 12, 2021

SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of January 2021. A list of issues reported, along with SonicWall coverage information are as follows:

CVE-2021-1647 Microsoft Defender Remote Code Execution Vulnerability
IPS 15356:Microsoft Defender Remote Code Execution Vulnerability (CVE-2021-1647)
ASPY 146:Malformed-File exe.MP.168

CVE-2021-1707 Microsoft SharePoint Server Remote Code Execution Vulnerability
ASPY 145:Malformed-File xml.MP.3

CVE-2021-1709 Windows Win32k Elevation of Privilege Vulnerability
ASPY 147:Malformed-File exe.MP.169

Following vulnerabilities do not have exploits in the wild :
CVE-2020-26870 Visual Studio Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-1636 Microsoft SQL Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-1637 Windows DNS Query Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-1638 Windows Bluetooth Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2021-1641 Microsoft SharePoint Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2021-1642 Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-1643 HEVC Video Extensions Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-1644 HEVC Video Extensions Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-1645 Windows Docker Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-1646 Windows WLAN Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-1648 Microsoft splwow64 Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-1649 Active Template Library Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-1650 Windows Runtime C++ Template Library Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-1651 Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-1652 Windows CSC Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-1653 Windows CSC Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-1654 Windows CSC Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-1655 Windows CSC Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-1656 TPM Device Driver Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-1657 Windows Fax Compose Form Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-1658 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-1659 Windows CSC Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-1660 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-1661 Windows Installer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-1662 Windows Event Tracing Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-1663 Windows Projected File System FS Filter Driver Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-1664 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-1665 GDI+ Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-1666 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-1667 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-1668 Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-1669 Windows Remote Desktop Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2021-1670 Windows Projected File System FS Filter Driver Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-1671 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-1672 Windows Projected File System FS Filter Driver Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-1673 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-1674 Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2021-1676 Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-1677 Azure Active Directory Pod Identity Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2021-1678 NTLM Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2021-1679 Windows CryptoAPI Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2021-1680 Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-1681 Windows WalletService Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-1682 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-1683 Windows Bluetooth Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2021-1684 Windows Bluetooth Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2021-1685 Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-1686 Windows WalletService Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-1687 Windows WalletService Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-1688 Windows CSC Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-1689 Windows Multipoint Management Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-1690 Windows WalletService Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-1691 Hyper-V Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2021-1692 Hyper-V Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2021-1693 Windows CSC Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-1694 Windows Update Stack Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-1695 Windows Print Spooler Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-1696 Windows Graphics Component Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-1697 Windows InstallService Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-1699 Windows (modem.sys) Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-1700 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-1701 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-1702 Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-1703 Windows Event Logging Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-1704 Windows Hyper-V Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-1705 Microsoft Edge (HTML-based) Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2021-1706 Windows LUAFV Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-1708 Windows GDI+ Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2021-1710 Microsoft Windows Media Foundation Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-1711 Microsoft Office Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-1712 Microsoft SharePoint Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-1713 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-1714 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-1715 Microsoft Word Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-1716 Microsoft Word Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2021-1717 Microsoft SharePoint Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2021-1718 Microsoft SharePoint Server Tampering Vulnerability
There are no known exploits in the wild.
CVE-2021-1719 Microsoft SharePoint Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2021-1723 .NET Core and Visual Studio Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2021-1725 Bot Framework SDK Information Disclosure Vulnerability
There are no known exploits in the wild.