Microsoft has just released the January 2024 update for Windows users to fix 48 security flaws in the software.
Of the 48 flaws, 2 are rated Critical and 46 are rated Important. There is no evidence that these security flaws have been made public or are actively exploited in the wild.
The most serious of the bugs patched this month include:
– CVE-2024-20700 (CVSS score: 7.5) – Windows Hyper-V remote code execution vulnerability
– CVE-2024-20674 (CVSS score: 9.0) – Windows Kerberos security feature bypass vulnerability.
“An authenticated attacker could exploit this vulnerability by establishing a MitM (Man-in-the-middle) attack or local network spoofing technique and then sending malicious Kerberos messages to the victim machine to impersonate the Kerberos authentication server,” Microsoft said.
However, the company notes that successful exploitation requires the attacker to first gain access to the restricted network. Security researcher ldwilmore34 is credited with discovering and reporting the vulnerability.
On the other hand, CVE-2024-20700 requires neither authentication nor user interaction for remote code execution.
Other notable bugs include CVE-2024-20653 (CVSS score: 7.8), a privilege escalation vulnerability affecting the Common Log File System (CLFS) driver, and CVE-2024-0056 (CVSS score: 8.7), a security vulnerability affecting System.Data.SqlClient and Microsoft.Data.SqlClient.
“An attacker who successfully exploits this vulnerability could perform a MitM attack and could decrypt, read, or modify TLS traffic between the client and server,” Microsoft shared.
The company further noted that it has disabled the ability to insert FBX files in Word, Excel, PowerPoint, and Outlook in Windows by default due to a security vulnerability (CVE-2024-20677, CVSS score: 7.8) that could lead to remote code execution.
How to update on Windows
The update will be downloaded and installed automatically through the stable channel. However, you can always proactively update by going to Update and Security > Windows Update > Check for updates.
In addition to Microsoft, the vendors below have also released their own security updates in the past few weeks to fix some vulnerabilities, so users are advised to update their software and operating systems to the latest versions.
– Adobe
– AMD
– Android
– Arm
– ASUS
– Bosch
– Cisco
– Dell
– F5
– Fortinet
– Google Chrome
– Google Cloud
– HP
– IBM
– Intel
– Lenovo
– Linux distributions Debian, Oracle Linux, Red Hat, SUSE, and Ubuntu
– MediaTek
– NETGEAR
– Qualcomm
– Samsung
– SAP
– Schneider Electric
– Siemens
– Splunk
– Synology
– Trend Micro
– Zimbra, and
– Zoom