CVE-2021-1647

Name of the Vulnerable Software and Affected Versions Microsoft Defender versions prior to the fixed version

Description The issue is related to insufficient input validation in the mpengine.dll library of Microsoft Defender, allowing a remote attacker to execute arbitrary code using a specially crafted file. The vulnerability is actively being exploited. It has been reported that North Korean hackers created a fake blog and social media accounts to target infosec researchers, offering them a joint project that included a malicious library. The hackers also posted fake videos and exploited 0-day vulnerabilities in Chrome and Windows 10 on their blog to infect visiting experts.

Recommendations For Microsoft Defender versions prior to the fixed version, update to the latest version to resolve the issue. As a temporary workaround, consider restricting access to the mpengine.dll library until a patch is available. Avoid using potentially vulnerable features in Microsoft Defender until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability, however, it is recommended to check the official Microsoft website for the latest updates and patches.