10 January 2024

Microsoft's January 2024 Patch Tuesday comes with fixes for nearly 50 bugs



Microsoft has released its first batch of security updates in 2024 addressing around 50 vulnerabilities impacting Microsoft products, including multiple remote code execution flaws.

One of the most notable flaws fixed as part of January 2024 Patch Tuesday is CVE-2024-20674, a security feature bypass issue that can allow a remote attacker to intercept a valid Kerberos authentication message from the authentication server and use it to impersonate the authentication server on the victim machine. While there’s no indication this vulnerability has been exploited in the wild, exploitation is very likely following the public disclosure.

In addition, Microsoft has fixed two bugs in the Windows Hyper-V subsystem (CVE-2024-20700 and CVE-2024-20699) that could allow an attacker to achieve remote code execution and perform a denial of service (DoS) attack, respectively.

This month’s Patch Tuesday also addresses a number of high-severity vulnerabilities affecting Microsoft .NET, .NET Framework, and Visual Studio; the Microsoft Printer Metadata Troubleshooter Tool; the Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider; and Microsoft Office.

Other important issues include bugs in Windows Nearby Sharing, MS Remote Desktop Client, Windows Cryptographic Services, SharePoint Server, and Windows TCP/IP.

