January 2021 Monthly Patch Release

Published on 13 Jan 2021

Updated on 13 Jan 2021

UPDATE: Microsoft has detected CVE-2021-1647 to be actively exploited in the wild. Users and administrators are advised to immediately patch their Microsoft Malware Protection Engine to the latest version 1.1.17700.4 or later.


Microsoft has released security patches to address multiple vulnerabilities in their software and products.

The vulnerabilities that have been classified as Critical in severity are listed in the table below.

For the full list of security patches released by Microsoft, please refer to https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2021-Jan

CRITICAL VULNERABILITIES
CVE Number CVE Name Base Score Reference
CVE-2021-1673 Remote Procedure Call Runtime Remote Code Execution Vulnerability 8.8 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1673
CVE-2021-1667 Remote Procedure Call Runtime Remote Code Execution Vulnerability 8.8 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1667
CVE-2021-1666 Remote Procedure Call Runtime Remote Code Execution Vulnerability 8.8 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1666
CVE-2021-1660 Remote Procedure Call Runtime Remote Code Execution Vulnerability 8.8 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1660
CVE-2021-1658 Remote Procedure Call Runtime Remote Code Execution Vulnerability 8.8 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1658
CVE-2021-1647 Microsoft Defender Remote Code Execution Vulnerability 7.8 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1647
CVE-2021-1668 Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability 7.8 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1668
CVE-2021-1643 HEVC Video Extensions Remote Code Execution Vulnerability 7.8 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1643
CVE-2021-1665 GDI+ Remote Code Execution Vulnerability 7.8 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1665
CVE-2021-1705 Microsoft Edge (HTML-based) Memory Corruption Vulnerability 4.2 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1705