
Introducing Kenna’s Vuln of the Month Series

Feb 10, 2021
Jerry Gamblin
Director of Security Research at Kenna Security


Yesterday was Patch Tuesday, so we’re calling today Exploit Wednesday. And with that, today we launch a new monthly blog series from Kenna Security. We call it Vuln of the Month. It’s an opportunity for those of us on the data science research team to spotlight a named CVE that may not already be on your radar screen, but probably should be. 

Every month, we’ll call out a vuln of special interest that we’re following here at Kenna, and why you should be paying attention as well. We’re basing our assessment on various factors, including evidence of actual exploits, gleaned from data-driven threat and vulnerability intelligence, as well as our assessment of the vuln’s potential for widespread impact. In other words, all the things that make a vuln worthy of a closer look.

This month’s vuln: CVE-2021-1647

Kenna Security’s research team is closely following a remote code execution vulnerability in Microsoft Defender (CVE-2021-1647). Our research shows that CVE-2021-1647 meets most of the criteria we look for in a vuln that is likely to be widely exploited. We’ve listed these criteria in order of their significance in assessing the risk of this vuln.

  • Exploit code published: Yes
  • Active exploits observed: Yes
  • Attack volume: High
  • Attack velocity: High
  • Malware exploitable: Yes
  • Potential attack surface: > 1 billion
  • Potential impact on availability: Complete
  • Access complexity: Low
  • Authentication/privilege requirements: Low

[Figure: distribution of risk scores across observed vulnerabilities; 4.62% of observed vulnerabilities have a higher risk score than CVE-2021-1647]

As the graph above illustrates, only 4.62% of observed vulnerabilities have a higher risk score than CVE-2021-1647.

Why CVE-2021-1647 matters

This past month, security execs and media outlets have paid a lot of attention to recent vulnerabilities in software from SonicWall (CVE-2021-20016), SAP (CVE-2020-6207), Oracle (CVE-2021-2109), and sudo (CVE-2021-3156). So chances are, you’re already either working to remediate those vulns or at least assessing whether they are likely to create a risk to your environment.

We believe CVE-2021-1647 deserves the same attention. This vuln has the potential for widespread impact. For instance, the bar is low for both attack complexity and the privileges required to exploit the vuln. Microsoft notes that a successful exploit, which can be executed remotely or simply by phishing an unsuspecting user into opening the wrong file, can result in “the attacker being able to fully deny access to resources in the impacted component.”

Windows Defender is installed by default on the more than 1 billion Windows 10 devices, making it a massive target. And with PoC code known to be released, we have already seen it actively used by bad actors.

Bottom line

We would not be surprised to see this Windows Defender vulnerability find its way into most offensive toolkits and used in malware and ransomware in the future.

Mitigation status

Microsoft published security updates to address CVE-2021-1647 on Patch Tuesday, Jan. 12, 2021. 
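Because Defender engine fixes ship through the same automatic update channel as definition updates, the practical check on a host is whether the running antimalware engine is at or above the fixed build and whether that channel is still working. The following PowerShell is an added example, not code from Kenna Security or Microsoft; it uses the built-in `Get-MpComputerStatus` and `Update-MpSignature` cmdlets, and the fixed engine build number is a placeholder that must be taken from Microsoft’s advisory for CVE-2021-1647.

```powershell
# Added example: confirm on a Windows 10 host that the Microsoft Defender
# antimalware engine carries the CVE-2021-1647 fix and is still being updated.
# PLACEHOLDER below: replace 0.0.0.0 with the fixed engine build listed in
# Microsoft's advisory for CVE-2021-1647.
$FixedEngineVersion = [version]'0.0.0.0'

function Test-DefenderEngineFixed {
    param(
        [version]$MinimumEngineVersion = $FixedEngineVersion
    )

    # Get-MpComputerStatus reports the running engine, platform and
    # signature versions of Microsoft Defender on this host.
    $status = Get-MpComputerStatus -ErrorAction Stop
    $engine = [version]$status.AMEngineVersion

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        EngineVersion      = $engine
        PlatformVersion    = $status.AMProductVersion
        SignatureVersion   = $status.AntivirusSignatureVersion
        SignatureAge       = (Get-Date) - $status.AntivirusSignatureLastUpdated
        RealTimeProtection = $status.RealTimeProtectionEnabled
        EngineFixed        = ($engine -ge $MinimumEngineVersion)
    }
}

$result = Test-DefenderEngineFixed
$result | Format-List

if (-not $result.EngineFixed) {
    # Engine updates arrive with definition updates, so a forced definition
    # update is the normal way to pull the fixed engine onto a lagging host.
    Write-Warning "Engine $($result.EngineVersion) is older than the fixed build $FixedEngineVersion. Running Update-MpSignature and re-checking."
    Update-MpSignature
}
if ($result.SignatureAge.TotalDays -gt 7) {
    # Stale definitions mean the update channel is blocked, which also
    # blocks engine fixes from reaching this host.
    Write-Warning "Definitions are more than 7 days old; check that Defender updates are not blocked by policy or proxy."
}
```

Run it locally on a single host, or wrap `Test-DefenderEngineFixed` in `Invoke-Command` across a list of machines to get one row per host showing which engines still predate the fix.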

Watch this space for future Vuln of the Month spotlights. Meanwhile, if you find yourself chasing new and emerging vulns but never quite catching up, learn more about how Kenna Security can help you focus on your highest-risk vulnerabilities, rather than headlines, thanks in part to our real-time vulnerability intelligence powered by machine learning. 
