Microsoft has kicked off 2024 by disclosing fixes for 49 vulnerabilities in its January Patch Tuesday security updates. Impacting Windows, Office, Dynamics, Azure, and other products, this release addresses concerns rated as Critical for two flaws while giving an Important ranking to 47 bugs.
The two Critical flaws are a Windows Kerberos authentication bypass and a Windows Hyper-V remote code execution vulnerability. The Important fixes cover elevation of privilege, remote code execution, spoofing, denial of service, security feature bypass, and information disclosure vulnerabilities.
Among the highlights are remote code execution vulnerabilities in Office related to FBX 3D model files, SharePoint server, ODBC driver, and other components. There is also a critical Kerberos authentication bypass that could enable spoofing attacks.
Additional key fixes address privilege escalation in Windows Subsystem for Linux and the kernel, information disclosure in LSASS and TCP/IP, spoofing in Windows Themes and Nearby Sharing, denial of service in Microsoft Async, and security feature bypasses in .NET/Visual Studio and BitLocker.
In this monthly report, we have provided an analysis of severity ratings, exploitation vectors, and remediation advice to help prioritize patching. Whether you manage Windows clients and servers or cloud-based services, applying these latest critical and important updates helps secure environments as 2024 begins.
In January’s Patch Tuesday, Microsoft addressed 49 flaws, including two critical vulnerabilities: a Windows Kerberos authentication bypass and a Windows Hyper-V remote code execution. This update included patches across categories like elevation of privilege, remote code execution, spoofing, denial of service, security feature bypass, and information disclosure.
Key highlights are:
Total Flaws and Critical Vulnerabilities: This update resolves 49 total bugs, with two critical flaws in Windows Kerberos and Hyper-V.
Vulnerability Types: Ten elevation of privilege vulnerabilities lead the volume followed by 12 critical remote code executions. Information disclosure, spoofing, denial of service, and security feature bypass rank as other categories with numerous patches.
Zero-Day Vulnerabilities: This is the second consecutive month in which Microsoft didn’t publish any Zero-Days.
Critical-Rated Bugs: The Windows Kerberos authentication bypass and Hyper-V remote code execution flaws stand out as the two critical issues requiring prioritized patching.
Non-Critical Notables: Other major issues include remote code executions in Office, SharePoint, ODBC driver, and other components. There are also privilege escalations in the Windows Subsystem for Linux and the kernel, information disclosures in LSASS and TCP/IP, and spoofing bugs.
This January Patch Tuesday kicks off 2024 by addressing vulnerabilities across Microsoft’s ecosystem. Apply these updates to close vulnerabilities before threats exploit them.
A Windows Kerberos authentication bypass (CVE-2024-20674) and a Windows Hyper-V remote code execution bug (CVE-2024-20700) lead this month’s high-severity threats. Let’s take a closer look at these two critical vulnerabilities.
CVE-2024-20674 scores a 9.1 CVSS rating for its threat to bypass Windows Kerberos authentication via spoofing. By establishing a machine-in-the-middle attack on the network, an unauthenticated attacker could impersonate a Kerberos server and trick a client into thinking it is communicating directly with the real authentication server.
While exploiting this requires network access, its high potential impact and expected public exploit code make it a priority patch. Successful exploitation could completely bypass Kerberos authentication checks.
The Windows Hyper-V remote code execution vulnerability CVE-2024-20700 earns a 7.5 CVSS score but allows executing arbitrary code on the host from the guest system. While specifics are light, Microsoft notes no authentication or user interaction is necessary, making this bug perfect for exploit chains.
Since Hyper-V often runs with elevated privileges, this RCE could lead to full system compromise. Fixes are vital for securing hypervisor deployments against intrusion and subsequent lateral movement attempts.
CVE ID | Description | CVSSv3 | Severity |
---|---|---|---|
CVE-2024-20674 | Windows Kerberos Security Feature Bypass Vulnerability | 9.1 | Critical |
CVE-2024-20700 | Windows Hyper-V Remote Code Execution Vulnerability | 7.5 | Critical |
While the Windows Kerberos and Hyper-V bugs rank as the two critical issues fixed this month, Microsoft tackled many other important vulnerabilities that require prioritized patching as well.
A remote code execution flaw in the Microsoft Office suite allows arbitrary code execution by embedding malicious FBX 3D model files in Office documents. With no user interaction needed in some cases, this attack vector poses considerable risks.
Additional RCE bugs hit the SharePoint server, ODBC driver, Remote Desktop Client, OCSP, and other components. Most require some level of authentication or interaction, lessening the threats. Still, applying fixes prevents exploit chains from utilizing these important bugs as initial access vectors.
On the privilege escalation front, bugs could boost access levels for the Windows kernel, Subsystem for Linux, Cloud Files, and printing components. The 10 total elevation of privilege flaws provide ripe targets for chaining following an intrusion to gain deeper system control.
While less likely to serve as initial compromise vectors, important information disclosure vulnerabilities in LSASS, TCP/IP, cryptographic services, and message queuing merit remediation as well. Attackers often leverage data leaks to mount more focused, severe assaults.
In total, a wide range of products receive important-level security fixes in this first Patch Tuesday of 2024, but the remote code execution and privilege escalation weaknesses likely pose the most pressing threats.
In total, 49 vulnerabilities were addressed in January’s Patch Tuesday. Remote Code Execution flaws top the list with 12 patches, followed by 11 Information Disclosure and 10 Elevation of Privilege vulnerabilities. The rest consist of 7 Security Feature Bypass, 6 Denial of Service, and 3 Spoofing flaws.
Here is the breakdown of the categories patched this month:
Remote Code Execution – 12
Information Disclosure – 11
Elevation of Privilege – 10
Security Feature Bypass – 7
Denial of Service – 6
Spoofing – 3
The table below shows the CVE IDs mapped to these vulnerability types from Microsoft’s January 2024 Patch Tuesday:
Vulnerability Category | CVE IDs |
---|---|
Remote Code Execution | CVE-2024-20654, CVE-2024-20655, CVE-2024-20676, CVE-2024-20677, CVE-2024-20696, CVE-2024-20697, CVE-2024-20700, CVE-2024-21307, CVE-2024-21318, CVE-2024-21325, CVE-2022-35737, CVE-2024-20682 |
Information Disclosure | CVE-2024-20660, CVE-2024-20664, CVE-2024-20662, CVE-2024-20680, CVE-2024-20663, CVE-2024-20694, CVE-2024-20692, CVE-2024-21311, CVE-2024-21313, CVE-2024-21314, CVE-2024-20691 |
Elevation of Privilege | CVE-2024-20653, CVE-2024-20657, CVE-2024-20658, CVE-2024-20681, CVE-2024-20683, CVE-2024-20686, CVE-2024-20698, CVE-2024-21309, CVE-2024-21310, CVE-2024-20656 |
Security Feature Bypass | CVE-2024-0057, CVE-2024-20674, CVE-2024-20652, CVE-2024-20666, CVE-2024-21305, CVE-2024-21316, CVE-2024-0056 |
Denial of Service | CVE-2024-20661, CVE-2024-20672, CVE-2024-20699, CVE-2024-21312, CVE-2024-21319, CVE-2024-20687 |
Spoofing | CVE-2024-21306, CVE-2024-20690, CVE-2024-21320 |
Microsoft’s January 2024 Patch Tuesday includes updates for a wide range of its products, applications, and services. Here are the key products and components that received patches:
Product Name | No. of Vulnerabilities Patched |
---|---|
Windows | 16 |
Microsoft Office | 3 |
Windows Kernel | 3 |
Win32k | 3 |
Azure | 2 |
Hyper-V | 2 |
Microsoft Message Queuing | 5 |
Cryptographic Services | 3 |
.NET Framework | 3 |
Remote Desktop Client | 1 |
Microsoft SharePoint Server | 1 |
Microsoft ODBC Driver | 1 |
Microsoft Bluetooth Driver | 1 |
Microsoft AllJoyn API | 1 |
Windows Hyper-V | 1 |
Windows Subsystem for Linux | 1 |
Download the complete list of vulnerabilities by products patched in January 2024 Patch Tuesday here.
CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
---|---|---|---|---|
CVE-2024-20676 | Azure Storage Mover Remote Code Execution Vulnerability | No | No | 8 |
Browser vulnerabilities
CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
---|---|---|---|---|
CVE-2024-0225 | Chromium: CVE-2024-0225 Use after free in WebGPU | No | No | N/A |
CVE-2024-0224 | Chromium: CVE-2024-0224 Use after free in WebAudio | No | No | N/A |
CVE-2024-0223 | Chromium: CVE-2024-0223 Heap buffer overflow in ANGLE | No | No | N/A |
CVE-2024-0222 | Chromium: CVE-2024-0222 Use after free in ANGLE | No | No | N/A |
Developer Tools vulnerabilities
CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
---|---|---|---|---|
CVE-2024-0057 | .NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability | No | No | 9.1 |
CVE-2024-20656 | Visual Studio Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2024-21312 | .NET Framework Denial of Service Vulnerability | No | No | 7.5 |
CVE-2024-20672 | .NET Core and Visual Studio Denial of Service Vulnerability | No | No | 7.5 |
Developer Tools Azure vulnerabilities
CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
---|---|---|---|---|
CVE-2024-21319 | Microsoft Identity Denial of service vulnerability | No | No | 6.8 |
Developer Tools SQL Server vulnerabilities
CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
---|---|---|---|---|
CVE-2024-0056 | Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability | No | No | 8.7 |
ESU Windows vulnerabilities
CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
---|---|---|---|---|
CVE-2024-20674 | Windows Kerberos Security Feature Bypass Vulnerability | No | No | 9 |
CVE-2024-20654 | Microsoft ODBC Driver Remote Code Execution Vulnerability | No | No | 8 |
CVE-2024-20682 | Windows Cryptographic Services Remote Code Execution Vulnerability | No | No | 7.8 |
CVE-2024-20683 | Win32k Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2024-20658 | Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2024-20653 | Microsoft Common Log File System Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2024-20652 | Windows HTML Platforms Security Feature Bypass Vulnerability | No | No | 7.5 |
CVE-2024-21307 | Remote Desktop Client Remote Code Execution Vulnerability | No | No | 7.5 |
CVE-2024-20661 | Microsoft Message Queuing Denial of Service Vulnerability | No | No | 7.5 |
CVE-2024-20657 | Windows Group Policy Elevation of Privilege Vulnerability | No | No | 7 |
CVE-2024-20655 | Microsoft Online Certificate Status Protocol (OCSP) Remote Code Execution Vulnerability | No | No | 6.6 |
CVE-2024-21320 | Windows Themes Spoofing Vulnerability | No | No | 6.5 |
CVE-2024-20680 | Windows Message Queuing Client (MSMQC) Information Disclosure | No | No | 6.5 |
CVE-2024-20663 | Windows Message Queuing Client (MSMQC) Information Disclosure | No | No | 6.5 |
CVE-2024-20660 | Microsoft Message Queuing Information Disclosure Vulnerability | No | No | 6.5 |
CVE-2024-20664 | Microsoft Message Queuing Information Disclosure Vulnerability | No | No | 6.5 |
CVE-2024-21314 | Microsoft Message Queuing Information Disclosure Vulnerability | No | No | 6.5 |
CVE-2024-20692 | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | No | No | 5.7 |
CVE-2024-21311 | Windows Cryptographic Services Information Disclosure Vulnerability | No | No | 5.5 |
CVE-2024-21313 | Windows TCP/IP Information Disclosure Vulnerability | No | No | 5.3 |
CVE-2024-20662 | Windows Online Certificate Status Protocol (OCSP) Information Disclosure Vulnerability | No | No | 4.9 |
CVE-2024-20691 | Windows Themes Information Disclosure Vulnerability | No | No | 4.7 |
Microsoft Office vulnerabilities
CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
---|---|---|---|---|
CVE-2024-21318 | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-20677 | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.8 |
Windows vulnerabilities
CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
---|---|---|---|---|
CVE-2024-20681 | Windows Subsystem for Linux Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2024-21309 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2024-20698 | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2024-21310 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2024-20686 | Win32k Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2024-20700 | Windows Hyper-V Remote Code Execution Vulnerability | No | No | 7.5 |
CVE-2024-20687 | Microsoft AllJoyn API Denial of Service Vulnerability | No | No | 7.5 |
CVE-2024-20696 | Windows Libarchive Remote Code Execution Vulnerability | No | No | 7.3 |
CVE-2024-20697 | Windows Libarchive Remote Code Execution Vulnerability | No | No | 7.3 |
CVE-2024-20666 | BitLocker Security Feature Bypass Vulnerability | No | No | 6.6 |
CVE-2024-20690 | Windows Nearby Sharing Spoofing Vulnerability | No | No | 6.5 |
CVE-2024-21316 | Windows Server Key Distribution Service Security Feature Bypass | No | No | 6.1 |
CVE-2024-21306 | Microsoft Bluetooth Driver Spoofing Vulnerability | No | No | 5.7 |
CVE-2024-20699 | Windows Hyper-V Denial of Service Vulnerability | No | No | 5.5 |
CVE-2024-20694 | Windows CoreMessaging Information Disclosure Vulnerability | No | No | 5.5 |
CVE-2024-21305 | Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability | No | No | 4.4 |
CVE-2024-21325 | Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution Vulnerability | No | No | N/A |
Windows Mariner vulnerabilities
CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
---|---|---|---|---|
CVE-2022-35737 | MITRE: CVE-2022-35737 SQLite allows an array-bounds overflow | No | No | N/A |
Microsoft’s January 2024 Patch Tuesday addressed 49 vulnerabilities, including two critical remote code execution flaws impacting Windows Kerberos and Hyper-V.
This release fixed a variety of vulnerability types, with elevation of privilege issues being most prevalent at 10 instances. Remote code execution ranked second with 12 patches issued. The two critical bugs consist of an authentication bypass in Kerberos permitting spoofing attacks and an RCE in Hyper-V allowing potential system takeovers.
Among the notable important-rated vulnerabilities are remote code executions impacting Microsoft Office, SharePoint Server, ODBC driver and other components. Multiple privilege escalation and information disclosure flaws also got addressed across Windows, Azure and Dynamics products.
In total, 49 security gaps were closed in this year’s first patch release. Prioritizing the Windows Kerberos and Hyper-V critical issues can help mitigate intrusion risks before threats exploit them in corporate environments.
We aim to keep readers informed each month in our Patch Tuesday reports. Please follow our website thesecmaster.com or subscribe to our social media pages on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium & Instagram to receive similar updates.
Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.