In a significant update released for January 2024, Microsoft has patched a total of 48 security vulnerabilities across its software ecosystem. This month’s Patch Tuesday includes two flaws classified as Critical and 46 as Important. Notably, there are no indications that any of these vulnerabilities are being actively exploited or are publicly known, marking two consecutive months without zero-day vulnerabilities.
The update also addresses nine vulnerabilities within the Chromium-based Edge browser, including a critical zero-day vulnerability (CVE-2023-7024), which has reportedly been exploited in the wild. This proactive approach not only secures Microsoft’s applications but also fortifies their commitment to cybersecurity amid evolving threats.
The critical vulnerabilities addressed this month include CVE-2024-20674, which is a security feature bypass vulnerability in Windows Kerberos (CVSS score: 9.0). This flaw could allow an authenticated attacker to impersonate a user by sending a malicious Kerberos message. Similarly, CVE-2024-20700, rated at 7.5, poses a remote code execution vulnerability within Windows Hyper-V, requiring no authentication but hinging on a race condition to execute a successful attack.
Experts suggest that the methods behind these vulnerabilities can be traced to various tactics in the MITRE ATT&CK framework. The potential tactics utilized could include Initial Access through social engineering and exploitation of local network vulnerabilities, Persistence via establishing a foothold in the environment, and Privilege Escalation to gain higher-level access privileges following a successful breach.
Further notable vulnerabilities in this update include CVE-2024-20653 (CVSS score: 7.8), which involves privilege escalation in the Common Log File System (CLFS) driver. Additionally, CVE-2024-0056, which affects Microsoft.Data.SqlClient, allows an attacker to decrypt and manipulate TLS traffic between clients and servers, potentially facilitating Man-in-the-Middle (MitM) attacks. Microsoft has also chosen to disable the capability to insert FBX files in its Office suite applications due to a related security flaw (CVE-2024-20677), intended to prevent remote code execution scenarios.
Recognizing the need for preventative measures, Microsoft’s actions echo a broader trend in cybersecurity where vendors are increasingly aware of potential threats and vulnerabilities. Following previous significant disclosures, such as Zscaler’s discovery of 117 security issues within Microsoft 365 applications, these updates represent a crucial aspect of maintaining robust security standards.
In the wake of Microsoft’s release, numerous other vendors have also rolled out critical updates to address various vulnerabilities. Noteworthy organizations including Adobe, Google, and Cisco have all responded to evolving threats by patching critical flaws in their products, thereby contributing to a collective effort to fortify cybersecurity across the industry.
As cyber threats continue to escalate, it remains imperative for business owners to stay informed about these vulnerabilities and apply relevant updates. By understanding and acting upon the latest security measures, organizations can better protect their digital assets and mitigate risks posed by potential breaches.
