
Microsoft Defender Zero-day CVE-2021-1647

5 April 2021

On the 12th of January 2021, Microsoft released the first cumulative patch of the new year, with eighty-three security vulnerabilities rectified across a range of Microsoft products. The most significant of these fixes related to a zero-day vulnerability within Microsoft Defender, the integrated anti-virus of Windows operating systems.

This vulnerability is being tracked and identified as CVE-2021-1647 and described as a Remote Code Execution (RCE) vulnerability allowing threat actors to infect target systems with executable code.

Researchers believe that threat actors leveraged this vulnerability following the recent SolarWinds supply-chain attack which affected dozens of government and private organisations.

Threat intelligence indicates that while this exploit has been identified in the wild, the technical details of the exploit have yet to be made publicly available. Whilst the attack complexity is low, the exploitation of the vulnerability itself would require a high degree of skill for an exploit to be successful.

The vulnerability is triggered when a crafted file is scanned by Microsoft Defender; this will happen automatically without user intervention. The crafted file needs to be present on the target for successful exploitation. Placing a file on a target host can be achieved through vectors such as phishing e-mails with attachments, fraudulent links, or legitimate files tainted at the source by an attacker.

This vulnerability resides in the Microsoft Malware Protection Engine. This engine receives automatic updates outside the normal patching cycle, minimising the time a system is exposed to threats. As such, most systems will already be patched unless an administrator has intentionally blocked updates. Where this has occurred, we recommend applying the latest patches as a matter of urgency.
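To confirm that the engine has actually updated on hosts where updates may have been blocked, the following added example (not part of the original article and not Microsoft's own tooling) reports the Malware Protection Engine version per host using the built-in `Get-MpComputerStatus` cmdlet. Assumptions: the parameter names and the `Test-EngineVersion` helper are hypothetical, remote hosts are reachable over WinRM, and the minimum engine version is supplied by the operator from the MSRC advisory linked below, since this article does not state it.

```powershell
# Added example: flag hosts whose Malware Protection Engine is older than a required version.
param(
    # Assumption: first fixed engine version, taken from the MSRC advisory for CVE-2021-1647.
    [Parameter(Mandatory)] [version] $MinimumEngineVersion,
    # Hosts to check; defaults to the local machine.
    [string[]] $ComputerName = @($env:COMPUTERNAME)
)

# Hypothetical helper: classify a reported engine version string against the minimum.
function Test-EngineVersion {
    param([string] $Reported, [version] $Minimum)
    $parsed = $null
    if (-not [version]::TryParse($Reported, [ref] $parsed)) { return 'Unknown' }
    if ($parsed -ge $Minimum) { 'Patched' } else { 'Outdated' }
}

$results = foreach ($computer in $ComputerName) {
    $session = $null
    try {
        # Query the local host directly; open a CIM session only for remote hosts.
        $query = @{ ErrorAction = 'Stop' }
        if ($computer -ne $env:COMPUTERNAME) {
            $session = New-CimSession -ComputerName $computer -ErrorAction Stop
            $query.CimSession = $session
        }
        $status = Get-MpComputerStatus @query
        [pscustomobject]@{
            Computer          = $computer
            EngineVersion     = $status.AMEngineVersion
            SignaturesUpdated = $status.AntivirusSignatureLastUpdated
            State             = Test-EngineVersion -Reported $status.AMEngineVersion -Minimum $MinimumEngineVersion
        }
    } catch {
        # Unreachable hosts, or hosts without Defender, are reported rather than silently skipped.
        [pscustomobject]@{
            Computer          = $computer
            EngineVersion     = $null
            SignaturesUpdated = $null
            State             = "Error: $($_.Exception.Message)"
        }
    } finally {
        if ($session) { Remove-CimSession -CimSession $session }
    }
}

$results | Sort-Object State, Computer | Format-Table -AutoSize
```

Hosts reported as `Outdated` or `Error` are the ones to investigate for blocked engine updates.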

More details are available here:

ZD Net – https://www.zdnet.com/article/microsoft-fixes-defender-zero-day-in-january-2021-patch-tuesday/
Krebs on Security – https://krebsonsecurity.com/2021/01/microsoft-patch-tuesday-january-2021-edition/
Threat Post – https://threatpost.com/critical-microsoft-defender-bug-exploited/162992/
Microsoft Security Response Centre – https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1647
