[CVSS 9+] Microsoft Jan 24 Patch Tuesday Highlights

Executive Summary

In the January 2024 Patch Tuesday, Microsoft released fixes for a total of 53 vulnerabilities. This includes 48 Microsoft CVEs and 5 non-Microsoft CVEs. Out of those 5 flaws, 4 of them are related to Chromium with CVSS scores of 8+, and 1 is related to SQLite with a CVSS score of 7+.

Notably, there are no known zero-day threats targeting any of the vulnerabilities addressed in this batch of patches.

For more details, you can refer to the Microsoft January 2024 Security Updates.

We advise organisations to prioritise the installation of Microsoft’s January 2024 patches by adopting a risk-based approach. Below is a summary of the vulnerabilities with a CVSS score of 8+ that Microsoft addressed in this release.

As a side note, you can explore the key highlights for Microsoft Patch Tuesday in December 2023 here.

.NET and Visual Studio

CVE-2024-0057

  • Name: .NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability
  • CVSS Score: 9.1

Windows

CVE-2024-20674

  • Name: Windows Kerberos Security Feature Bypass Vulnerability
  • CVSS Score: 9.0

CVE-2024-20654

  • Name: Microsoft ODBC Driver Remote Code Execution Vulnerability
  • CVSS Score: 8.0

Microsoft Office

CVE-2024-21318

  • Name: Microsoft SharePoint Server Remote Code Execution Vulnerability
  • CVSS Score: 8.8

SQL Server

CVE-2024-0056

  • Name: Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability
  • CVSS Score: 8.7

Azure

CVE-2024-20676

  • Name: Azure Storage Mover Remote Code Execution Vulnerability
  • CVSS Score: 8.0

Microsoft Edge

In this release, Microsoft fixed 4 vulnerabilities related to Chromium that Google had addressed earlier. All of them have a CVSS score of 8.8.

It is worth mentioning that Microsoft addressed critical vulnerabilities related to Chromium between the December and January releases. One of those, identified as CVE-2023-7024 and with a CVSS score of 8.8, has been exploited in the wild. Additionally, the Cybersecurity and Infrastructure Security Agency (CISA) recently added it to its Known Exploited Vulnerabilities (KEV) Catalog.

Cubic Lighthouse is a cybersecurity publication dedicated to demystifying security, making news actionable, providing deeper thinking about the fundamentals of security, and providing decision-makers and the community at large with the right information to make the right decisions. We will also feature more technical articles and provide personal/family security advice.

©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.