In January 2024 [1] [2] [3], Microsoft released its Patch Tuesday updates [2] [4], addressing a total of 49 security vulnerabilities across various products. This article provides a detailed description of the critical vulnerabilities patched, noteworthy vulnerabilities found [4], and the breakdown of vulnerabilities across multiple Microsoft products.

Description

Among the 49 security vulnerabilities addressed by Microsoft’s Patch Tuesday updates, two were rated as critical. The first critical vulnerability patched is a security bypass vulnerability in the Windows Kerberos authentication protocol [3]. This vulnerability could be exploited by an unauthenticated attacker using a machine-in-the-middle attack [4]. The second critical vulnerability patched is a remote code execution vulnerability in Windows Hyper-V; exploiting it requires access to the restricted network and winning a race condition [4].

Another noteworthy vulnerability is found in Microsoft SharePoint Server [4], allowing an authenticated attacker to run malicious code [4]. Additionally, Microsoft Office faces a remote code execution bug that can be exploited through an Office document containing an FBX file [4].

The vulnerabilities span multiple Microsoft products [4], including Windows [1] [4], Azure [1] [4], .NET Framework [1] [4], Office [1] [2] [4], SQL Server [1] [4], and Windows Hyper-V [1] [2] [3] [4]. They encompass various types of vulnerabilities, such as remote code execution [2] [3], information disclosure [4], elevation of privilege [3] [4], security feature bypass [1] [2] [4], denial-of-service [4], and spoofing vulnerabilities [4].

It is important to note that none of the addressed bugs are currently under active exploitation or publicly disclosed. Microsoft has provided fixes and mitigation measures for these vulnerabilities [4].

Furthermore, the updates included fixes for nine security vulnerabilities in the Chromium-based Edge browser [2]. Notable flaws that were patched this month include a privilege escalation flaw in the Common Log File System (CLFS) driver and a security bypass affecting System.Data.SqlClient and Microsoft.Data.SqlClient [2].

As a precautionary measure, Microsoft disabled the ability to insert FBX files in Office applications due to a security flaw that could potentially lead to remote code execution [2].

Conclusion

The Patch Tuesday updates from Microsoft have effectively addressed critical vulnerabilities, noteworthy vulnerabilities [1] [2] [3] [4], and a range of other vulnerabilities across multiple products. With fixes and mitigation measures provided, the risk of exploitation is reduced. However, it is crucial for users to promptly install these updates to ensure the security of their systems. Additionally, the discovery of a zero-day vulnerability actively exploited in the Chromium-based Edge browser highlights the ongoing need for vigilance and prompt patching.

References

[1] https://securityaffairs.com/157190/security/microsoft-patch-tuesday-january-2024.html
[2] https://thehackernews.com/2024/01/microsofts-january-2024-windows-update.html
[3] https://blog.talosintelligence.com/microsoft-patch-tuesday-january-2024/
[4] https://www.computing.co.uk/news/4161984/microsofts-calm-start-2024-january-patch-tuesday-addresses-49-bugs