Pierluigi Paganini January 09, 2024

Microsoft Patch Tuesday security updates for January 2024 addressed a total of 49 flaws, including two critical vulnerabilities.

Microsoft Patch Tuesday security updates for January 2024 fixed 49 flaws in Microsoft Windows and Windows Components; Office and Office Components; Azure; .NET Framework and Visual Studio; SQL Server; Windows Hyper-V; and Internet Explorer. The IT giant also addressed multiple Chromium bugs, bringing the total number of fixed issues to 53.

“None of the CVEs released today are listed as publicly known or under active attack at the time of release.” reported the post published by the Zero Day Initiative.

Two of the addressed vulnerabilities are rated Critical, the remaining 47 issues are rated Important in severity.

The critical vulnerabilities are:

• CVE-2024-20700 – Windows Hyper-V Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires that an attacker will need to first gain access to the restricted network before running an attack.
• CVE-2024-20674 – Windows Kerberos Security Feature Bypass Vulnerability. An unauthenticated attacker could exploit this vulnerability by establishing a machine-in-the-middle (MITM) attack or other local network spoofing technique, then sending a malicious Kerberos message to the client victim machine to spoof itself as the Kerberos authentication server. This vulnerability can be exploited by an attacker only after gaining access to the restricted network prior to launching an attack.

The complete list of vulnerabilities addressed by Microsoft is available here.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Microsoft Patch Tuesday)