Microsoft Releases Patch Tuesday Updates for January 2024
Microsoft has recently released its Patch Tuesday updates for January 2024, addressing a total of 48 security flaws. Among these, two bugs are rated Critical while 46 are rated Important in severity. Fortunately, there is no evidence to suggest that any of these issues are currently being actively attacked or publicly known.
One positive aspect of this update is that it marks the second consecutive Patch Tuesday with no zero-day vulnerabilities. This means that Microsoft has been successful in staying ahead of attackers and preventing any potential exploits before they can be used maliciously.
One notable inclusion in the updates is the fixes for nine security vulnerabilities found in the Chromium-based Edge browser. These fixes aim to provide improved security and protection for Edge users.
In addition to this, Microsoft has also patched a zero-day vulnerability (CVE-2023-7024) that was actively exploited in the wild. This is an important step towards enhancing the overall security of Microsoft’s products and ensuring user safety.
The most critical flaws addressed in this update include a Windows Kerberos Security Feature Bypass Vulnerability (CVE-2024-20674) and a Windows Hyper-V Remote Code Execution Vulnerability (CVE-2024-20700). The Kerberos vulnerability allows impersonation but requires an attacker to gain access to the restricted network first. On the other hand, the Hyper-V vulnerability does not require authentication or user interaction for remote code execution, but a race condition must be won.
Among other notable vulnerabilities, a privilege escalation flaw in the Common Log File System driver and a security bypass affecting System.Data.SqlClient and Microsoft.Data.SqlClient have been addressed.
Apart from Microsoft, other vendors have also released security updates to address vulnerabilities in their software. This shows the commitment of the entire industry to ensuring the safety and security of their users.
As an added security measure, Microsoft has decided to disable the ability to insert FBX files in Office due to a security flaw that could potentially lead to remote code execution.
Overall, these Patch Tuesday updates play a crucial role in maintaining the security and integrity of Microsoft’s products. It is important for users to promptly install these updates to protect themselves against potential security risks and stay one step ahead of cybercriminals.
“Social media scholar. Reader. Zombieaholic. Hardcore music maven. Web fanatic. Coffee practitioner. Explorer.”