Microsoft has just launched the monthly series of security updates also known as Patch Tuesday.
In this month's update, the Redmond company fixed a total of 83 vulnerabilities in a wide range of products, including Windows operating system, cloud-based products, developer tools and corporate servers.
But of all the bugs that are being fixed today, the most important is a zero-day vulnerability in Microsoft Defender antivirus, which Microsoft reported that released exploit before the release of today's updates.
The vulnerability is listed in CVE-2021-1647, and is characterized as a remote code execution error (RCE). It allows attackers to run code on vulnerable devices, tricking a user into opening a malicious document on a system that Defender is installed on.
Microsoft said that despite the fact that exploit is already available, the attack does not work in all situations and is still considered to be at PoC level. However, the code could evolve for more reliable attacks.
To combat future attacks, Microsoft has released updates for the Microsoft Malware Protection Engine, which do not require user interaction and will be installed automatically - unless blocked by system administrators.
In addition to Defender zero-day, Microsoft also fixed a security vulnerability in Windows splwow64 that could be exploited to increase an attacker's code permissions.
Read more: Security Update Guide portal