Microsoft patches this month include 2 Critical Threats and 2 Vulnerabilities with a CVSS Score of 9.0 or above.
There are 2 Critical fixes, with the remaining 46 rated Important. Windows, Windows Components, Office Components, Azure, Windows DNS and DHCP server and Microsoft Dynamic have all received fixes this month.
Robert Brown, Head of Customer Success for Syxsense said, "Not only did we see December Patch Tuesday as the smallest of the year, January continues the trend with only 48 fixes. If you count all the individual CVSS scores together, January has a combined CVSS score of 315.8 with an average CVSS score of 7.0, which is down on last month's median score of 7.2."
Based on the Vendor Severity & CVSS Score, we have made a few recommendations below. As usual, we recommend that our customers enter the CVE numbers below into their Patch Management solution and deploy as soon as testing is complete.
CVE-2024-0057 – NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability
An attacker could exploit this by creating a specially crafted X.509 certificate that intentionally introduces or intentionally induces a chain building failure.
Note: The vulnerability has the Highest CVSS Score
Syxscore
- Vendor Severity: Important
- CVSS: 9.1
- Weaponised: No
- Public Aware: No
- Countermeasure: No
Risk
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope / Jump Point: Unchanged / No
CVE-2024-20674 – Windows Kerberos Security Feature Bypass Vulnerability
An unauthenticated attacker could exploit this vulnerability by establishing a machine-in-the-middle (MITM) attack or other local network spoofing technique, then sending a malicious Kerberos message to the client victim machine to spoof itself as the Kerberos authentication server.
Note: The vulnerability has Exploitation More Likely
Syxscore
- Vendor Severity: Critical
- CVSS: 9.0
- Weaponised: No
- Public Aware: No
- Countermeasure: No
Risk
- Attack Vector: Adjacent
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope / Jump Point: Changed / Yes
CVE-2024-0056 – Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability
An attacker who successfully exploited this vulnerability could carry out a machine-in-the-middle (MITM) attack and could decrypt and read or modify TLS traffic between the client and server.
Note: The vulnerability has a Jump Point
Syxscore
- Vendor Severity: Important
- CVSS: 8.7
- Weaponised: No
- Public Aware: No
- Countermeasure: No
Risk
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope / Jump Point: Changed / Yes
Reference | Additional Details | Description | Vendor Severity | CVSS Score | Weaponised | Publicly Aware | Impact | Exploitability Assessment |
CVE-2024-0057 | An attacker could exploit this by creating a specially crafted X.509 certificate that intentionally introduces or intentionally induces a chain building failure. | NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability | Important | 9.1 | No | No | Security Feature Bypass | Exploitation Less Likely |
CVE-2024-20674 | Scope = Changed, Jump Point = True | Windows Kerberos Security Feature Bypass Vulnerability | Critical | 9 | No | No | Security Feature Bypass | Exploitation More Likely |
CVE-2024-21318 | In a network-based attack, an authenticated attacker, as at least a Site Owner, could write arbitrary code to inject and execute code remotely on the SharePoint Server. | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | Remote Code Execution | Exploitation More Likely |
CVE-2024-21319 | Scope = Changed, Jump Point = True | Microsoft Identity Denial of service vulnerability | Important | 8.8 | No | No | Denial of Service | Exploitation Less Likely |
CVE-2024-0056 | Scope = Changed, Jump Point = True. A successful attack could exploit a vulnerability in the SQL Data Provider which allows the attacker to exploit the SQL Server. | Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability | Important | 8.7 | No | No | Security Feature Bypass | Exploitation Less Likely |
CVE-2024-20654 | Successful exploitation of this vulnerability simply requires the attacker or targeted user to leverage a Microsoft Access application to automatically talk to a SQL Server while utilizing a remote SQL Server address that they control. | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important | 8 | No | No | Remote Code Execution | Exploitation Less Likely |
CVE-2024-20676 | Scope = Changed, Jump Point = True. In this situation a successful exploit could let an attacker gain access to the network where the agent is installed, which could lead to accessing other assets in that network. | Azure Storage Mover Remote Code Execution Vulnerability | Important | 8 | No | No | Remote Code Execution | Exploitation Less Likely |
CVE-2024-20653 | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Microsoft Common Log File System Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Elevation of Privilege | Exploitation More Likely |
CVE-2024-20656 | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Visual Studio Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Elevation of Privilege | Exploitation Less Likely |
CVE-2024-20658 | An attacker who successfully exploited this vulnerability could gain privilege escalation in the processing of .vhdx files in the Windows Kernel. | Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Elevation of Privilege | Exploitation Less Likely |
CVE-2024-20677 | | Microsoft Office Remote Code Execution Vulnerability | Important | 7.8 | No | No | Remote Code Execution | Exploitation Less Likely |
CVE-2024-20681 | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Windows Subsystem for Linux Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Elevation of Privilege | Exploitation Less Likely |
CVE-2024-20682 | | Windows Cryptographic Services Remote Code Execution Vulnerability | Important | 7.8 | No | No | Remote Code Execution | Exploitation Less Likely |
CVE-2024-20683 | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Elevation of Privilege | Exploitation More Likely |
CVE-2024-20686 | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Elevation of Privilege | Exploitation More Likely |
CVE-2024-20698 | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Elevation of Privilege | Exploitation More Likely |
CVE-2024-21309 | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Elevation of Privilege | Exploitation Less Likely |
CVE-2024-21310 | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Elevation of Privilege | Exploitation More Likely |
CVE-2024-20700 | | Windows Hyper-V Remote Code Execution Vulnerability | Critical | 7.5 | No | No | Remote Code Execution | Exploitation Less Likely |
CVE-2024-20652 | Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability. | Windows HTML Platforms Security Feature Bypass Vulnerability | Important | 7.5 | No | No | Security Feature Bypass | Exploitation More Likely |
CVE-2024-20661 | | Microsoft Message Queuing Denial of Service Vulnerability | Important | 7.5 | No | No | Denial of Service | Exploitation Less Likely |
CVE-2024-20672 | | .NET Core and Visual Studio Denial of Service Vulnerability | Important | 7.5 | No | No | Denial of Service | Exploitation Less Likely |
CVE-2024-20687 | | Microsoft AllJoyn API Denial of Service Vulnerability | Important | 7.5 | No | No | Denial of Service | Exploitation Less Likely |
CVE-2024-21307 | | Remote Desktop Client Remote Code Execution Vulnerability | Important | 7.5 | No | No | Remote Code Execution | Exploitation More Likely |
CVE-2024-21312 | | .NET Framework Denial of Service Vulnerability | Important | 7.5 | No | No | Denial of Service | Exploitation Less Likely |
CVE-2024-20696 | | Windows Libarchive Remote Code Execution Vulnerability | Important | 7.3 | No | No | Remote Code Execution | Exploitation Less Likely |
CVE-2024-20697 | | Windows Libarchive Remote Code Execution Vulnerability | Important | 7.3 | No | No | Remote Code Execution | Exploitation Less Likely |
CVE-2024-20657 | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Windows Group Policy Elevation of Privilege Vulnerability | Important | 7 | No | No | Elevation of Privilege | Exploitation Less Likely |
CVE-2024-20655 | | Microsoft Online Certificate Status Protocol (OCSP) Remote Code Execution Vulnerability | Important | 6.6 | No | No | Remote Code Execution | Exploitation Less Likely |
CVE-2024-20666 | | BitLocker Security Feature Bypass Vulnerability | Important | 6.6 | No | No | Security Feature Bypass | Exploitation Less Likely |
CVE-2024-20660 | An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. | Microsoft Message Queuing Information Disclosure Vulnerability | Important | 6.5 | No | No | Information Disclosure | Exploitation Less Likely |
CVE-2024-20663 | An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. | Windows Message Queuing Client (MSMQC) Information Disclosure | Important | 6.5 | No | No | Information Disclosure | Exploitation Less Likely |
CVE-2024-20664 | An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. | Microsoft Message Queuing Information Disclosure Vulnerability | Important | 6.5 | No | No | Information Disclosure | Exploitation Less Likely |
CVE-2024-20680 | An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. | Windows Message Queuing Client (MSMQC) Information Disclosure | Important | 6.5 | No | No | Information Disclosure | Exploitation Less Likely |
CVE-2024-20690 | | Windows Nearby Sharing Spoofing Vulnerability | Important | 6.5 | No | No | Spoofing | Exploitation Less Likely |
CVE-2024-21314 | An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. | Microsoft Message Queuing Information Disclosure Vulnerability | Important | 6.5 | No | No | Information Disclosure | Exploitation Less Likely |
CVE-2024-21320 | | Windows Themes Spoofing Vulnerability | Important | 6.5 | No | No | Spoofing | Exploitation Less Likely |
CVE-2024-21316 | | Windows Server Key Distribution Service Security Feature Bypass | Important | 6.1 | No | No | Security Feature Bypass | Exploitation Less Likely |
CVE-2024-20692 | | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | Important | 5.7 | No | No | Information Disclosure | Exploitation Less Likely |
CVE-2024-21306 | | Microsoft Bluetooth Driver Spoofing Vulnerability | Important | 5.7 | No | No | Spoofing | Exploitation Less Likely |
CVE-2024-20694 | An attacker who successfully exploited this vulnerability could potentially read small portions of stack memory. | Windows CoreMessaging Information Disclosure Vulnerability | Important | 5.5 | No | No | Information Disclosure | Exploitation Less Likely |
CVE-2024-20699 | An authenticated attacker could run a specially crafted application on a vulnerable Hyper-V guest to exploit this vulnerability which, if successful, could potentially interact with processes of another Hyper-V guest hosted on the same Hyper-V host. | Windows Hyper-V Denial of Service Vulnerability | Important | 5.5 | No | No | Denial of Service | Exploitation Less Likely |
CVE-2024-21311 | An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. | Windows Cryptographic Services Information Disclosure Vulnerability | Important | 5.5 | No | No | Information Disclosure | Exploitation Less Likely |
CVE-2024-21313 | | Windows TCP/IP Information Disclosure Vulnerability | Important | 5.3 | No | No | Information Disclosure | Exploitation Less Likely |
CVE-2024-20662 | | Windows Online Certificate Status Protocol (OCSP) Information Disclosure Vulnerability | Important | 4.9 | No | No | Information Disclosure | Exploitation Less Likely |
CVE-2024-20691 | Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. | Windows Themes Information Disclosure Vulnerability | Important | 4.7 | No | No | Information Disclosure | Exploitation Less Likely |
CVE-2024-21305 | | Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability | Important | 4.4 | No | No | Security Feature Bypass | Exploitation Less Likely |
CVE-2024-21325 | | Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution Vulnerability | Important | NA | No | No | Remote Code Execution | Exploitation Less Likely |