Invest
HomeVulnerabilityMicrosoft January 2024 Patch Tuesday fixes 49 flaws, 12 RCE bugs
Vulnerability

Microsoft January 2024 Patch Tuesday fixes 49 flaws, 12 RCE bugs

stanlieder
By stanlieder

At this time is Microsoft’s January 2024 Patch Tuesday, which incorporates security updates for a complete of 49 flaws and 12 distant code execution vulnerabilities.

Solely two vulnerabilities have been categorized as crucial, with one being a Home windows Kerberos Safety Function Bypass and the opposite a Hyper-V RCE. 

The variety of bugs in every vulnerability class is listed beneath:

  • 10 Elevation of Privilege Vulnerabilities
  • 7 Safety Function Bypass Vulnerabilities
  • 12 Distant Code Execution Vulnerabilities
  • 11 Info Disclosure Vulnerabilities
  • 6 Denial of Service Vulnerabilities
  • 3 Spoofing Vulnerabilities 

The whole depend of 49 flaws doesn’t embody 4 Microsoft Edge flaws mounted on January fifth.

To be taught extra in regards to the non-security updates launched as we speak, you’ll be able to evaluation our devoted articles on the brand new Home windows 11 KB5034123 cumulative replace and Home windows 10 KB5034122 replace.

This month’s fascinating flaws

Whereas there have been no actively exploited or publicly disclosed vulnerabilities this month, some flaws are extra fascinating than others.

Microsoft fixes an Workplace Distant Code Execution Vulnerability tracked as CVE-2024-20677 that enables risk actors to create maliciously crafted Workplace paperwork with embedded FBX 3D mannequin recordsdata to carry out distant code execution.

“A security vulnerability exists in FBX that would result in distant code execution. To mitigate this vulnerability, the power to insert FBX recordsdata has been disabled in Phrase, Excel, PowerPoint and Outlook for Home windows and Mac,” explains Microsoft security bulletin.

“Variations of Workplace that had this function enabled will not have entry to it. This contains Workplace 2019, Workplace 2021, Workplace LTSC for Mac 2021, and Microsoft 365.”

“3D fashions in Workplace paperwork that have been beforehand inserted from a FBX file will proceed to work as anticipated except the Hyperlink to File possibility was chosen at insert time.”

See also  Low turnover leaves job-seeking CISOs with nowhere to go

A crucial Home windows Kerberos bug tracked as CVE-2024-20674 was additionally mounted as we speak, permitting an attacker to bypass the authentication function.

“An unauthenticated attacker may exploit this vulnerability by establishing a machine-in-the-middle (MITM) assault or different native community spoofing method, then sending a malicious Kerberos message to the consumer sufferer machine to spoof itself because the Kerberos authentication server,” reads a assist bulletin.

Current updates from different corporations

Different distributors who launched updates or advisories in January 2023 embody:

The January 2024 Patch Tuesday Safety Updates

Beneath is the entire listing of resolved vulnerabilities within the January 2023 Patch Tuesday updates.

To entry the complete description of every vulnerability and the techniques it impacts, you’ll be able to view the complete report right here.

Tag CVE ID CVE Title Severity
.NET and Visible Studio CVE-2024-0057 NET, .NET Framework, and Visible Studio Safety Function Bypass Vulnerability Vital
.NET Core & Visible Studio CVE-2024-20672 .NET Core and Visible Studio Denial of Service Vulnerability Vital
.NET Framework CVE-2024-21312 .NET Framework Denial of Service Vulnerability Vital
Azure Storage Mover CVE-2024-20676 Azure Storage Mover Distant Code Execution Vulnerability Vital
Microsoft Bluetooth Driver CVE-2024-21306 Microsoft Bluetooth Driver Spoofing Vulnerability Vital
Microsoft Units CVE-2024-21325 Microsoft Printer Metadata Troubleshooter Device Distant Code Execution Vulnerability Vital
Microsoft Edge (Chromium-based) CVE-2024-0222 Chromium: CVE-2024-0222 Use after free in ANGLE Unknown
Microsoft Edge (Chromium-based) CVE-2024-0223 Chromium: CVE-2024-0223 Heap buffer overflow in ANGLE Unknown
Microsoft Edge (Chromium-based) CVE-2024-0224 Chromium: CVE-2024-0224 Use after free in WebAudio Unknown
Microsoft Edge (Chromium-based) CVE-2024-0225 Chromium: CVE-2024-0225 Use after free in WebGPU Unknown
Microsoft Id Companies CVE-2024-21319 Microsoft Id Denial of service vulnerability Vital
Microsoft Workplace CVE-2024-20677 Microsoft Workplace Distant Code Execution Vulnerability Vital
Microsoft Workplace SharePoint CVE-2024-21318 Microsoft SharePoint Server Distant Code Execution Vulnerability Vital
Microsoft Digital Exhausting Drive CVE-2024-20658 Microsoft Digital Exhausting Disk Elevation of Privilege Vulnerability Vital
Distant Desktop Shopper CVE-2024-21307 Distant Desktop Shopper Distant Code Execution Vulnerability Vital
SQL Server CVE-2024-0056 Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Supplier Safety Function Bypass Vulnerability Vital
SQLite CVE-2022-35737 MITRE: CVE-2022-35737 SQLite permits an array-bounds overflow Vital
Unified Extensible Firmware Interface CVE-2024-21305 Hypervisor-Protected Code Integrity (HVCI) Safety Function Bypass Vulnerability Vital
Visible Studio CVE-2024-20656 Visible Studio Elevation of Privilege Vulnerability Vital
Home windows AllJoyn API CVE-2024-20687 Microsoft AllJoyn API Denial of Service Vulnerability Vital
Home windows Authentication Strategies CVE-2024-20674 Home windows Kerberos Safety Function Bypass Vulnerability Essential
Home windows BitLocker CVE-2024-20666 BitLocker Safety Function Bypass Vulnerability Vital
Home windows Cloud Information Mini Filter Driver CVE-2024-21310 Home windows Cloud Information Mini Filter Driver Elevation of Privilege Vulnerability Vital
Home windows Collaborative Translation Framework CVE-2024-20694 Home windows CoreMessaging Info Disclosure Vulnerability Vital
Home windows Widespread Log File System Driver CVE-2024-20653 Microsoft Widespread Log File System Elevation of Privilege Vulnerability Vital
Home windows Cryptographic Companies CVE-2024-20682 Home windows Cryptographic Companies Distant Code Execution Vulnerability Vital
Home windows Cryptographic Companies CVE-2024-21311 Home windows Cryptographic Companies Info Disclosure Vulnerability Vital
Home windows Group Coverage CVE-2024-20657 Home windows Group Coverage Elevation of Privilege Vulnerability Vital
Home windows Hyper-V CVE-2024-20699 Home windows Hyper-V Denial of Service Vulnerability Vital
Home windows Hyper-V CVE-2024-20700 Home windows Hyper-V Distant Code Execution Vulnerability Essential
Home windows Kernel CVE-2024-20698 Home windows Kernel Elevation of Privilege Vulnerability Vital
Home windows Kernel-Mode Drivers CVE-2024-21309 Home windows Kernel-Mode Driver Elevation of Privilege Vulnerability Vital
Home windows Libarchive CVE-2024-20697 Home windows Libarchive Distant Code Execution Vulnerability Vital
Home windows Libarchive CVE-2024-20696 Home windows Libarchive Distant Code Execution Vulnerability Vital
Home windows Native Safety Authority Subsystem Service (LSASS) CVE-2024-20692 Microsoft Native Safety Authority Subsystem Service Info Disclosure Vulnerability Vital
Home windows Message Queuing CVE-2024-20660 Microsoft Message Queuing Info Disclosure Vulnerability Vital
Home windows Message Queuing CVE-2024-20664 Microsoft Message Queuing Info Disclosure Vulnerability Vital
Home windows Message Queuing CVE-2024-20680 Home windows Message Queuing Shopper (MSMQC) Info Disclosure Vital
Home windows Message Queuing CVE-2024-20663 Home windows Message Queuing Shopper (MSMQC) Info Disclosure Vital
Home windows Message Queuing CVE-2024-21314 Microsoft Message Queuing Info Disclosure Vulnerability Vital
Home windows Message Queuing CVE-2024-20661 Microsoft Message Queuing Denial of Service Vulnerability Vital
Home windows Close by Sharing CVE-2024-20690 Home windows Close by Sharing Spoofing Vulnerability Vital
Home windows ODBC Driver CVE-2024-20654 Microsoft ODBC Driver Distant Code Execution Vulnerability Vital
Home windows On-line Certificates Standing Protocol (OCSP) SnapIn CVE-2024-20662 Home windows On-line Certificates Standing Protocol (OCSP) Info Disclosure Vulnerability Vital
Home windows On-line Certificates Standing Protocol (OCSP) SnapIn CVE-2024-20655 Microsoft On-line Certificates Standing Protocol (OCSP) Distant Code Execution Vulnerability Vital
Home windows Scripting CVE-2024-20652 Home windows HTML Platforms Safety Function Bypass Vulnerability Vital
Home windows Server Key Distribution Service CVE-2024-21316 Home windows Server Key Distribution Service Safety Function Bypass Vital
Home windows Subsystem for Linux CVE-2024-20681 Home windows Subsystem for Linux Elevation of Privilege Vulnerability Vital
Home windows TCP/IP CVE-2024-21313 Home windows TCP/IP Info Disclosure Vulnerability Vital
Home windows Themes CVE-2024-20691 Home windows Themes Info Disclosure Vulnerability Vital
Home windows Themes CVE-2024-21320 Home windows Themes Spoofing Vulnerability Vital
Home windows Win32 Kernel Subsystem CVE-2024-20686 Win32k Elevation of Privilege Vulnerability Vital
Home windows Win32K CVE-2024-20683 Win32k Elevation of Privilege Vulnerability Vital
See also  Vital Docker Engine Flaw Permits Attackers to Bypass Authorization Plugins
- Advertisment -spot_img
Previous article
Constancy Nationwide Monetary says hackers stole knowledge on 1.3 million prospects
Next article
FTC bans X-Mode from promoting telephone location information, and orders agency to delete collected information
stanlieder
stanliederhttps://news.killnetswitch.com
RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -

Most Popular

Load more

EDITOR PICKS

POPULAR News

POPULAR TAGS

NewsVulnerabilityvulnerabilitiesCybersecurityData BreachCyber AttacksMalwareransomwareCyber Attacknetwork securityThreat IntelligenceRemote Code Executionzero dayCloud SecuritymicrosoftSecurity TipsData ProtectionsecurityCybercrimesoftware security

POPULAR Tags

NewsVulnerabilityvulnerabilitiesCybersecurityData BreachCyber AttacksMalwareransomwareCyber Attacknetwork securityThreat IntelligenceRemote Code Executionzero dayCloud SecuritymicrosoftSecurity TipsData ProtectionsecurityCybercrimesoftware security

POPULAR Tags

NewsVulnerabilityvulnerabilitiesCybersecurityData BreachCyber AttacksMalwareransomwareCyber Attacknetwork securityThreat IntelligenceRemote Code Executionzero dayCloud Securitymicrosoft

ABOUT US

Welcome to News.killnetswitch, your trusted source for the latest updates, insights, and analysis in the world of cybersecurity and network security.

Contact us : info@killnetswitch.com

FOLLOW US

© 2024 All Rights reserved | Protected by News.Killnetswitch