Breaking Down the Latest January 2024 Patch Tuesday Report

Microsoft has kicked off 2024 by disclosing fixes for 49 vulnerabilities in its January Patch Tuesday security updates. Impacting Windows, Office, Dynamics, Azure, and other products, this release addresses concerns rated as Critical for two flaws while giving an Important ranking to 47 bugs.

The two Critical flaws are a Windows Kerberos authentication bypass and a Windows Hyper-V remote code execution vulnerability. The Important fixes cover elevation of privilege, remote code execution, spoofing, denial of service, security feature bypass, and information disclosure vulnerabilities.

Among the highlights are remote code execution vulnerabilities in Office related to FBX 3D model files, SharePoint server, ODBC driver, and other components. There is also a critical Kerberos authentication bypass that could enable spoofing attacks.

Additional key fixes address privilege escalation in Windows Subsystem for Linux and the kernel, information disclosure in LSASS and TCP/IP, spoofing in Windows Themes and Nearby Sharing, denial of service in Microsoft Async, and security feature bypasses in .NET/Visual Studio and BitLocker.

In this monthly report, we have provided an analysis of severity ratings, exploitation vectors, and remediation advice to help prioritize patching. Whether you manage Windows clients and servers or cloud-based services, applying these latest critical and important updates helps secure environments as 2024 begins.

Key Highlights – Patch Tuesday January 2024

In January’s Patch Tuesday, Microsoft addressed 49 flaws, including two critical vulnerabilities: a Windows Kerberos authentication bypass and a Windows Hyper-V remote code execution. This update included patches across categories like elevation of privilege, remote code execution, spoofing, denial of service, security feature bypass, and information disclosure.

Key highlights are:

  1. Total Flaws and Critical Vulnerabilities: This update resolves 49 total bugs, with two critical flaws in Windows Kerberos and Hyper-V.
  2. Vulnerability Types: Ten elevation of privilege vulnerabilities lead the volume followed by 12 critical remote code executions. Information disclosure, spoofing, denial of service, and security feature bypass rank as other categories with numerous patches.
  3. Zero-Day Vulnerabilities: This is the second constitutive month Microsoft didn’t publish any Zero-Days.
  4. Critical-Rated Bugs: The Windows Kerberos authentication bypass and Hyper-V remote code execution flaws stand out as the two critical issues requiring prioritized patching.
  5. Non-Critical Notables: Other major issues include remote code executions in Office, SharePoint, ODBC driver, and other components. There are also privilege escalations in Windows Subsystem for Linux and the kernel, information disclosures in LSASS and TCP/IP, and spoofing bugs.
See also  How To Fix CVE-2022-31042(3)- High Severity Sensitive Information Discloser Vulnerabilities In Drupal

This January Patch Tuesday kicks off 2024 by addressing vulnerabilities across Microsoft’s ecosystem. Apply these updates to close vulnerabilities before threats exploit them.

Critical Vulnerabilities Patched in January 2024

A Windows Kerberos authentication bypass (CVE-2024-20674) and a Windows Hyper-V remote code execution bug (CVE-2024-20700) lead this month’s high severity threats. Let’s take a closer look at these two critical vulnerabilities.

CVE-2024-20674- Windows Kerberos Bug Allows Authentication Bypass

CVE-2024-20674 scores a 9.1 CVSS rating for its threat to bypass Windows Kerberos authentication via spoofing. By establishing a machine-in-the-middle attack on the network, an unauthenticated attacker could impersonate a Kerberos server and trick a client into thinking it is communicating directly with the real authentication server.

While exploiting this requires network access, its high potential impact and expected public exploit code makes it a priority patch. Successful exploitation could completely bypass Kerberos authentication checks.

CVE-2024-20700 – Hyper-V Remote Code Execution Permits System Takeover

The Windows Hyper-V remote code execution vulnerability CVE-2024-20700 earns a 7.5 CVSS score but allows executing arbitrary code on the host from the guest system. While specifics are light, Microsoft notes no authentication or user interaction is necessary, making this bug perfect for exploit chains.

Since Hyper-V often runs with elevated privileges, this RCE could lead to full system compromise. Fixes are vital for securing hypervisor deployments against intrusion and subsequent lateral movement attempts.

CVE ID Description CVSSv3 Severity
CVE-2024-20674 Windows Kerberos Security Feature Bypass Vulnerability 9.1 Critical
CVE-2024-20700 Windows Hyper-V Remote Code Execution Vulnerability 7.5 Critical

Other Important Vulnerabilities Patched in January 2024

While the Windows Kerberos and Hyper-V bugs rank as the two critical issues fixed this month, Microsoft tackled many other important vulnerabilities that require prioritized patching as well.

A remote code execution flaw in the Microsoft Office suite allows arbitrary code execution by embedding malicious FBX 3D model files in Office documents. With no user interaction needed in some cases, this attack vector posed considerable risks.

Additional RCE bugs hit the SharePoint server, ODBC driver, Remote Desktop Client, OCSP, and other components. Most require some level of authentication or interaction, lessening the threats. Still, applying fixes prevents exploit chains utilizing these important bugs as initial access vectors.

On the privilege escalation front, bugs could boost access levels for the Windows kernel, Subsystem for Linux, Cloud Files, and printing components. The 10 total elevation of privilege flaws provide ripe targets for chaining following an intrusion to gain deeper system control.

While less likely to serve as initial compromise vectors, important information disclosure vulnerabilities in LSASS, TCP/IP, cryptographic services, and messaging queuing merit remediation as well. Attackers often leverage data leaks to mount more focused, severe assaults.

In total, a wide range of products receive important-level security fixes in this first Patch Tuesday of 2024. But focusing on the remote code execution and privilege escalation weaknesses likely poses the most pressing threats.

Vulnerabilities by Category

In total, 49 vulnerabilities were addressed in January’s Patch Tuesday. Remote Code Execution flaws top the list with 12 patches, followed by 11 Information Disclosure and 10 Elevation of Privilege vulnerabilities. The rest consist of 7 Security Feature Bypass, 6 Denial of Service, and 3 Spoofing flaws.

Bar chart of Vulnerabilities by Category Patch Tuesday January 2024

Here is the breakdown of the categories patched this month:

  • Remote Code Execution – 12
  • Information Disclosure – 11
  • Elevation of Privilege – 10
  • Security Feature Bypass – 7
  • Denial of Service – 6
  • Spoofing – 3

The table below shows the CVE IDs mapped to these vulnerability types from Microsoft’s January 2024 Patch Tuesday:

Vulnerability Category CVE IDs
Remote Code Execution CVE-2024-20654, CVE-2024-20655, CVE-2024-20676, CVE-2024-20677, CVE-2024-20696, CVE-2024-20697, CVE-2024-20700, CVE-2024-21307, CVE-2024-21318, CVE-2024-21325, CVE-2022-35737, CVE-2024-20682
Information Disclosure CVE-2024-20660, CVE-2024-20664, CVE-2024-20662, CVE-2024-20680, CVE-2024-20663, CVE-2024-20694, CVE-2024-20692, CVE-2024-21311, CVE-2024-21313, CVE-2024-21314, CVE-2024-20691
Elevation of Privilege CVE-2024-20653, CVE-2024-20657, CVE-2024-20658, CVE-2024-20681, CVE-2024-20683, CVE-2024-20686, CVE-2024-20698, CVE-2024-21309, CVE-2024-21310, CVE-2024-20656
Security Feature Bypass CVE-2024-0057, CVE-2024-20674, CVE-2024-20652, CVE-2024-20666, CVE-2024-21305, CVE-2024-21316, CVE-2024-0056
Denial of Service CVE-2024-20661, CVE-2024-20672, CVE-2024-20699, CVE-2024-21312, CVE-2024-21319, CVE-2024-20687
Spoofing CVE-2024-21306, CVE-2024-20690, CVE-2024-21320

List of Products Patched in January 2024 Patch Tuesday

Microsoft’s January 2024 Patch Tuesday includes updates for a wide range of its products, applications, and services. Here are the key products and components that received patches:

Product Name No. of Vulnerabilities Patched
Windows 16
Microsoft Office 3
Windows Kernel 3
Win32k 3
Azure 2
Hyper-V 2
Microsoft Message Queuing 5
Cryptographic Services 3
.NET Framework 3
Remote Desktop Client 1
Microsoft SharePoint Server 1
Microsoft ODBC Driver 1
Microsoft Bluetooth Driver 1
Microsoft AllJoyn API 1
Windows Hyper-V 1
Windows Subsystem for Linux 1

Complete List of Vulnerabilities Patched in January 2024 Patch Tuesday

Download the complete list of vulnerabilities by products patched in January 2024 Patch Tuesday here. 

Azure vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score
CVE-2024-20676 Azure Storage Mover Remote Code Execution Vulnerability No No 8

Browser vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score
CVE-2024-0225 Chromium: CVE-2024-0225 Use after free in WebGPU No No N/A
CVE-2024-0224 Chromium: CVE-2024-0224 Use after free in WebAudio No No N/A
CVE-2024-0223 Chromium: CVE-2024-0223 Heap buffer overflow in ANGLE No No N/A
CVE-2024-0222 Chromium: CVE-2024-0222 Use after free in ANGLE No No N/A

Developer Tools vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score
CVE-2024-0057 NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability No No 9.1
CVE-2024-20656 Visual Studio Elevation of Privilege Vulnerability No No 7.8
CVE-2024-21312 .NET Framework Denial of Service Vulnerability No No 7.5
CVE-2024-20672 .NET Core and Visual Studio Denial of Service Vulnerability No No 7.5

Developer Tools Azure vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score
CVE-2024-21319 Microsoft Identity Denial of service vulnerability No No 6.8

Developer Tools SQL Server vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score
CVE-2024-0056 Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability No No 8.7

ESU Windows vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score
CVE-2024-20674 Windows Kerberos Security Feature Bypass Vulnerability No No 9
CVE-2024-20654 Microsoft ODBC Driver Remote Code Execution Vulnerability No No 8
CVE-2024-20682 Windows Cryptographic Services Remote Code Execution Vulnerability No No 7.8
CVE-2024-20683 Win32k Elevation of Privilege Vulnerability No No 7.8
CVE-2024-20658 Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability No No 7.8
CVE-2024-20653 Microsoft Common Log File System Elevation of Privilege Vulnerability No No 7.8
CVE-2024-20652 Windows HTML Platforms Security Feature Bypass Vulnerability No No 7.5
CVE-2024-21307 Remote Desktop Client Remote Code Execution Vulnerability No No 7.5
CVE-2024-20661 Microsoft Message Queuing Denial of Service Vulnerability No No 7.5
CVE-2024-20657 Windows Group Policy Elevation of Privilege Vulnerability No No 7
CVE-2024-20655 Microsoft Online Certificate Status Protocol (OCSP) Remote Code Execution Vulnerability No No 6.6
CVE-2024-21320 Windows Themes Spoofing Vulnerability No No 6.5
CVE-2024-20680 Windows Message Queuing Client (MSMQC) Information Disclosure No No 6.5
CVE-2024-20663 Windows Message Queuing Client (MSMQC) Information Disclosure No No 6.5
CVE-2024-20660 Microsoft Message Queuing Information Disclosure Vulnerability No No 6.5
CVE-2024-20664 Microsoft Message Queuing Information Disclosure Vulnerability No No 6.5
CVE-2024-21314 Microsoft Message Queuing Information Disclosure Vulnerability No No 6.5
CVE-2024-20692 Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability No No 5.7
CVE-2024-21311 Windows Cryptographic Services Information Disclosure Vulnerability No No 5.5
CVE-2024-21313 Windows TCP/IP Information Disclosure Vulnerability No No 5.3
CVE-2024-20662 Windows Online Certificate Status Protocol (OCSP) Information Disclosure Vulnerability No No 4.9
CVE-2024-20691 Windows Themes Information Disclosure Vulnerability No No 4.7
CVE Title Exploited? Publicly disclosed? CVSSv3 base score
CVE-2024-21318 Microsoft SharePoint Server Remote Code Execution Vulnerability No No 8.8
CVE-2024-20677 Microsoft Office Remote Code Execution Vulnerability No No 7.8

Windows vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score
CVE-2024-20681 Windows Subsystem for Linux Elevation of Privilege Vulnerability No No 7.8
CVE-2024-21309 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability No No 7.8
CVE-2024-20698 Windows Kernel Elevation of Privilege Vulnerability No No 7.8
CVE-2024-21310 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability No No 7.8
CVE-2024-20686 Win32k Elevation of Privilege Vulnerability No No 7.8
CVE-2024-20700 Windows Hyper-V Remote Code Execution Vulnerability No No 7.5
CVE-2024-20687 Microsoft AllJoyn API Denial of Service Vulnerability No No 7.5
CVE-2024-20696 Windows Libarchive Remote Code Execution Vulnerability No No 7.3
CVE-2024-20697 Windows Libarchive Remote Code Execution Vulnerability No No 7.3
CVE-2024-20666 BitLocker Security Feature Bypass Vulnerability No No 6.6
CVE-2024-20690 Windows Nearby Sharing Spoofing Vulnerability No No 6.5
CVE-2024-21316 Windows Server Key Distribution Service Security Feature Bypass No No 6.1
CVE-2024-21306 Microsoft Bluetooth Driver Spoofing Vulnerability No No 5.7
CVE-2024-20699 Windows Hyper-V Denial of Service Vulnerability No No 5.5
CVE-2024-20694 Windows CoreMessaging Information Disclosure Vulnerability No No 5.5
CVE-2024-21305 Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability No No 4.4
CVE-2024-21325 Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution Vulnerability No No N/A

Windows Mariner vulnerabilities

CVE Title Exploited? Publicly disclosed? CVSSv3 base score
CVE-2022-35737 MITRE: CVE-2022-35737 SQLite allows an array-bounds overflow No No N/A

Bottom Line

Microsoft’s January 2024 Patch Tuesday addressed 49 vulnerabilities, including two critical remote code execution flaws impacting Windows Kerberos and Hyper-V.

This release fixed a variety of vulnerability types, with elevation of privilege issues being most prevalent at 10 instances. Remote code execution ranked second with 12 patches issued. The two critical bugs consist of an authentication bypass in Kerberos permitting spoofing attacks and an RCE in Hyper-V allowing potential system takeovers.

Among the notable important-rated vulnerabilities are remote code executions impacting Microsoft Office, SharePoint Server, ODBC driver and other components. Multiple privilege escalation and information disclosure flaws also got addressed across Windows, Azure and Dynamics products.

In total, 49 security gaps were closed in this year’s first patch release. Prioritizing the Windows Kerberos and Hyper-V critical issues can help mitigate intrusion risks before threats exploit them in corporate environments.

Leave a Reply

Your email address will not be published. Required fields are marked *