Microsoft January 2024 Patch Tuesday fixes 49 flaws, 12 RCE bugs

January 9, 2024

At this time is Microsoft’s January 2024 Patch Tuesday, which incorporates security updates for a complete of 49 flaws and 12 distant code execution vulnerabilities.

Solely two vulnerabilities have been categorized as crucial, with one being a Home windows Kerberos Safety Function Bypass and the opposite a Hyper-V RCE.

The variety of bugs in every vulnerability class is listed beneath:

10 Elevation of Privilege Vulnerabilities
7 Safety Function Bypass Vulnerabilities
12 Distant Code Execution Vulnerabilities
11 Info Disclosure Vulnerabilities
6 Denial of Service Vulnerabilities
3 Spoofing Vulnerabilities

The whole depend of 49 flaws doesn’t embody 4 Microsoft Edge flaws mounted on January fifth.

To be taught extra in regards to the non-security updates launched as we speak, you’ll be able to evaluation our devoted articles on the brand new Home windows 11 KB5034123 cumulative replace and Home windows 10 KB5034122 replace.

This month’s fascinating flaws

Whereas there have been no actively exploited or publicly disclosed vulnerabilities this month, some flaws are extra fascinating than others.

Microsoft fixes an Workplace Distant Code Execution Vulnerability tracked as CVE-2024-20677 that enables risk actors to create maliciously crafted Workplace paperwork with embedded FBX 3D mannequin recordsdata to carry out distant code execution.

“A security vulnerability exists in FBX that would result in distant code execution. To mitigate this vulnerability, the power to insert FBX recordsdata has been disabled in Phrase, Excel, PowerPoint and Outlook for Home windows and Mac,” explains Microsoft security bulletin.

“Variations of Workplace that had this function enabled will not have entry to it. This contains Workplace 2019, Workplace 2021, Workplace LTSC for Mac 2021, and Microsoft 365.”

“3D fashions in Workplace paperwork that have been beforehand inserted from a FBX file will proceed to work as anticipated except the Hyperlink to File possibility was chosen at insert time.”

A crucial Home windows Kerberos bug tracked as CVE-2024-20674 was additionally mounted as we speak, permitting an attacker to bypass the authentication function.

“An unauthenticated attacker may exploit this vulnerability by establishing a machine-in-the-middle (MITM) assault or different native community spoofing method, then sending a malicious Kerberos message to the consumer sufferer machine to spoof itself because the Kerberos authentication server,” reads a assist bulletin.

Current updates from different corporations

Different distributors who launched updates or advisories in January 2023 embody:

The January 2024 Patch Tuesday Safety Updates

Beneath is the entire listing of resolved vulnerabilities within the January 2023 Patch Tuesday updates.

To entry the complete description of every vulnerability and the techniques it impacts, you’ll be able to view the complete report right here.

Tag	CVE ID	CVE Title	Severity
.NET and Visible Studio	CVE-2024-0057	NET, .NET Framework, and Visible Studio Safety Function Bypass Vulnerability	Vital
.NET Core & Visible Studio	CVE-2024-20672	.NET Core and Visible Studio Denial of Service Vulnerability	Vital
.NET Framework	CVE-2024-21312	.NET Framework Denial of Service Vulnerability	Vital
Azure Storage Mover	CVE-2024-20676	Azure Storage Mover Distant Code Execution Vulnerability	Vital
Microsoft Bluetooth Driver	CVE-2024-21306	Microsoft Bluetooth Driver Spoofing Vulnerability	Vital
Microsoft Units	CVE-2024-21325	Microsoft Printer Metadata Troubleshooter Device Distant Code Execution Vulnerability	Vital
Microsoft Edge (Chromium-based)	CVE-2024-0222	Chromium: CVE-2024-0222 Use after free in ANGLE	Unknown
Microsoft Edge (Chromium-based)	CVE-2024-0223	Chromium: CVE-2024-0223 Heap buffer overflow in ANGLE	Unknown
Microsoft Edge (Chromium-based)	CVE-2024-0224	Chromium: CVE-2024-0224 Use after free in WebAudio	Unknown
Microsoft Edge (Chromium-based)	CVE-2024-0225	Chromium: CVE-2024-0225 Use after free in WebGPU	Unknown
Microsoft Id Companies	CVE-2024-21319	Microsoft Id Denial of service vulnerability	Vital
Microsoft Workplace	CVE-2024-20677	Microsoft Workplace Distant Code Execution Vulnerability	Vital
Microsoft Workplace SharePoint	CVE-2024-21318	Microsoft SharePoint Server Distant Code Execution Vulnerability	Vital
Microsoft Digital Exhausting Drive	CVE-2024-20658	Microsoft Digital Exhausting Disk Elevation of Privilege Vulnerability	Vital
Distant Desktop Shopper	CVE-2024-21307	Distant Desktop Shopper Distant Code Execution Vulnerability	Vital
SQL Server	CVE-2024-0056	Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Supplier Safety Function Bypass Vulnerability	Vital
SQLite	CVE-2022-35737	MITRE: CVE-2022-35737 SQLite permits an array-bounds overflow	Vital
Unified Extensible Firmware Interface	CVE-2024-21305	Hypervisor-Protected Code Integrity (HVCI) Safety Function Bypass Vulnerability	Vital
Visible Studio	CVE-2024-20656	Visible Studio Elevation of Privilege Vulnerability	Vital
Home windows AllJoyn API	CVE-2024-20687	Microsoft AllJoyn API Denial of Service Vulnerability	Vital
Home windows Authentication Strategies	CVE-2024-20674	Home windows Kerberos Safety Function Bypass Vulnerability	Essential
Home windows BitLocker	CVE-2024-20666	BitLocker Safety Function Bypass Vulnerability	Vital
Home windows Cloud Information Mini Filter Driver	CVE-2024-21310	Home windows Cloud Information Mini Filter Driver Elevation of Privilege Vulnerability	Vital
Home windows Collaborative Translation Framework	CVE-2024-20694	Home windows CoreMessaging Info Disclosure Vulnerability	Vital
Home windows Widespread Log File System Driver	CVE-2024-20653	Microsoft Widespread Log File System Elevation of Privilege Vulnerability	Vital
Home windows Cryptographic Companies	CVE-2024-20682	Home windows Cryptographic Companies Distant Code Execution Vulnerability	Vital
Home windows Cryptographic Companies	CVE-2024-21311	Home windows Cryptographic Companies Info Disclosure Vulnerability	Vital
Home windows Group Coverage	CVE-2024-20657	Home windows Group Coverage Elevation of Privilege Vulnerability	Vital
Home windows Hyper-V	CVE-2024-20699	Home windows Hyper-V Denial of Service Vulnerability	Vital
Home windows Hyper-V	CVE-2024-20700	Home windows Hyper-V Distant Code Execution Vulnerability	Essential
Home windows Kernel	CVE-2024-20698	Home windows Kernel Elevation of Privilege Vulnerability	Vital
Home windows Kernel-Mode Drivers	CVE-2024-21309	Home windows Kernel-Mode Driver Elevation of Privilege Vulnerability	Vital
Home windows Libarchive	CVE-2024-20697	Home windows Libarchive Distant Code Execution Vulnerability	Vital
Home windows Libarchive	CVE-2024-20696	Home windows Libarchive Distant Code Execution Vulnerability	Vital
Home windows Native Safety Authority Subsystem Service (LSASS)	CVE-2024-20692	Microsoft Native Safety Authority Subsystem Service Info Disclosure Vulnerability	Vital
Home windows Message Queuing	CVE-2024-20660	Microsoft Message Queuing Info Disclosure Vulnerability	Vital
Home windows Message Queuing	CVE-2024-20664	Microsoft Message Queuing Info Disclosure Vulnerability	Vital
Home windows Message Queuing	CVE-2024-20680	Home windows Message Queuing Shopper (MSMQC) Info Disclosure	Vital
Home windows Message Queuing	CVE-2024-20663	Home windows Message Queuing Shopper (MSMQC) Info Disclosure	Vital
Home windows Message Queuing	CVE-2024-21314	Microsoft Message Queuing Info Disclosure Vulnerability	Vital
Home windows Message Queuing	CVE-2024-20661	Microsoft Message Queuing Denial of Service Vulnerability	Vital
Home windows Close by Sharing	CVE-2024-20690	Home windows Close by Sharing Spoofing Vulnerability	Vital
Home windows ODBC Driver	CVE-2024-20654	Microsoft ODBC Driver Distant Code Execution Vulnerability	Vital
Home windows On-line Certificates Standing Protocol (OCSP) SnapIn	CVE-2024-20662	Home windows On-line Certificates Standing Protocol (OCSP) Info Disclosure Vulnerability	Vital
Home windows On-line Certificates Standing Protocol (OCSP) SnapIn	CVE-2024-20655	Microsoft On-line Certificates Standing Protocol (OCSP) Distant Code Execution Vulnerability	Vital
Home windows Scripting	CVE-2024-20652	Home windows HTML Platforms Safety Function Bypass Vulnerability	Vital
Home windows Server Key Distribution Service	CVE-2024-21316	Home windows Server Key Distribution Service Safety Function Bypass	Vital
Home windows Subsystem for Linux	CVE-2024-20681	Home windows Subsystem for Linux Elevation of Privilege Vulnerability	Vital
Home windows TCP/IP	CVE-2024-21313	Home windows TCP/IP Info Disclosure Vulnerability	Vital
Home windows Themes	CVE-2024-20691	Home windows Themes Info Disclosure Vulnerability	Vital
Home windows Themes	CVE-2024-21320	Home windows Themes Spoofing Vulnerability	Vital
Home windows Win32 Kernel Subsystem	CVE-2024-20686	Win32k Elevation of Privilege Vulnerability	Vital
Home windows Win32K	CVE-2024-20683	Win32k Elevation of Privilege Vulnerability	Vital

- Advertisment -

Microsoft January 2024 Patch Tuesday fixes 49 flaws, 12 RCE bugs

This month’s fascinating flaws

Current updates from different corporations

The January 2024 Patch Tuesday Safety Updates

Microsoft warns of ransomware assaults on US healthcare

Firms skip security hardening in rush to undertake AI

GitLab Patches Vital SAML Authentication Bypass Flaw in CE and EE Editions

LEAVE A REPLY Cancel reply

Most Popular

Why Instagram Threads is a hotbed of dangers for companies

1000’s of Juniper gadgets susceptible to unauthenticated RCE flaw

Phishing Campaigns Ship New SideTwist Backdoor and Agent Tesla Variant

Prospects warned to cancel bank cards

Telesign launches built-in API to mix conventional id verification channels

Atlas VPN zero-day vulnerability leaks customers’ actual IP tackle

Meet the cyber-criminals of 2023

EDITOR PICKS

How I acquired began: AI security researcher

Tabletop workouts defined: Definition, examples, and aims

SEC is investigating MOVEit mass-hack, says Progress Software program

POPULAR News

Why Instagram Threads is a hotbed of dangers for companies

1000’s of Juniper gadgets susceptible to unauthenticated RCE flaw

Phishing Campaigns Ship New SideTwist Backdoor and Agent Tesla Variant

POPULAR TAGS

POPULAR Tags

POPULAR Tags

ABOUT US

FOLLOW US