The first Patch Tuesday of 2021 is a big one for all tech companies, not least Microsoft.

The usual raft of security patches carries additional importance this month against the backdrop of SolarWinds, the sophisticated attack that struck the US government and major tech companies in December 2020.

With that in mind, let's take a look at Microsoft's January 2021 Patch Tuesday offerings.

First Patch Tuesday of 2021 Big One for Microsoft

Kicking things off, Patch Tuesday addresses 83 vulnerabilities in total, 10 of which class as critical. Of the 10 critical vulnerabilities, one is being actively exploited. Many believe this to be a vulnerability linked directly to the SolarWinds attack.

Related: Microsoft Blocks Sunburst Malware at Root of SolarWinds Hack

The specific vulnerability, CVE-2021-1647, is a zero-day vulnerability in Microsoft Defender's Malware Protection Engine that allow an attacker the opportunity to execute code remotely. The vulnerability affects numerous Microsoft platforms, including Windows 10, Windows 8.1, Windows 7, and Windows Server 2016.

However, while Microsoft believes CVE-2011-1647 was actively exploited in the wild, it also labels the vulnerability maturity as "Proof of Concept," which means it "is not functional in all situations and may require substantial modification by a skilled attacker."

Related: Microsoft Reveals Actual Target of SolarWinds CyberAttack

Interestingly, Microsoft has had to issue a second patch for a vulnerability previously disclosed and patched. Vulnerability CVE-2021-1648 is an escalation of privilege bug, first discovered by Google Project Zero (Google's zero-day vulnerability hunting lab) and the Zero-Day Iniative in September 2020 under CVE-2020-0986.

However, despite being patched in a previous Patch Tuesday, the Zero-Day Initiative spotted the vulnerability once more. The Zero-Day Initiative also states that the previous bug was being exploited in the wild, "So it's within reason to think this CVE will be actively exploited as well."

At the time of release, however, Microsoft does not believe CVE-2021-1648 is being actively exploited.

Related: Microsoft Reveals SolarWinds Attackers Accessed Source Code

The other bugs marked critical in this month's Patch Tuesday are CVE-2021-1665, relating to the Windows Graphics Device Interface, CVE-2020-1643, relating to HEVC Video Extensions, and CVE-2020-1668, linked to the Microsoft DTV-DVD Video Decoder.

Patch Your Windows Systems

As always, Microsoft's Patch Tuesday offering features a host of vulnerabilities ranging from critical downwards. Windows Administrators should patch their systems as soon as possible, especially given the serious nature of some of these vulnerabilities.

Likewise, regular Windows 10 users should always install the latest security updates from Microsoft as they arrive. Failing to do so can leave your computer more vulnerable to exploitation.