Microsoft patches this month include 2 Critical Threats and 2 Vulnerabilities with a CVSS Score of 9.0 or above.

There are 2 Critical with the remaining 46 Important severities fixed. Windows, Windows Components, Office Components, Azure, Windows DNS and DHCP server and Microsoft Dynamic have all received fixes this month.

Robert Brown, Head of Customer Success for Syxsense said, “Not only did we see December Patch Tuesday as the smallest of the year, January continues the trend with only 48 fixes.  If you count all the individual CVSS scores together, January has a combined CVSS score of 315.8 with an average CVSS score of 7.0, which is down on last month’s median score of 7.2.”

Based on the Vendor Severity & CVSS Score, we have made a few recommendations below.  As usual we recommend our customers enter the CVE numbers below into your Patch Management solution and deploy as soon as testing is complete.

 

CVE-2024-0057 – NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability

An attacker could exploit this by creating a specially crafted X.509 certificate that intentionally introduce or intentionally induces a chain building failure.

Note:  The vulnerability has the Highest CVSS Score

Syxscore

  • Vendor Severity: Important
  • CVSS: 9.1
  • Weaponised: No
  • Public Aware: No
  • Countermeasure: No

Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope / Jump Point: Unchanged / No

CVE-2024-20674 – Windows Kerberos Security Feature Bypass Vulnerability

An unauthenticated attacker could exploit this vulnerability by establishing a machine-in-the-middle (MITM) attack or other local network spoofing technique, then sending a malicious Kerberos message to the client victim machine to spoof itself as the Kerberos authentication server.

Note:  The vulnerability has Exploitation More Likely

Syxscore

  • Vendor Severity: Critical
  • CVSS: 9.0
  • Weaponised: No
  • Public Aware: No
  • Countermeasure: No

Risk

  • Attack Vector: Adjacent
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope / Jump Point: Changed / Yes

CVE-2024-0056 – Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability

An attacker who successfully exploited this vulnerability could carry out a machine-in-the-middle (MITM) attack and could decrypt and read or modify TLS traffic between the client and server.

Note:  The vulnerability has a Jump Point

Syxscore

  • Vendor Severity: Important
  • CVSS: 8.7
  • Weaponised: No
  • Public Aware: No
  • Countermeasure: No

Risk

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope / Jump Point: Changed / Yes

 

Reference Additional Details Description Vendor Severity CVSS Score Weaponised Publicly Aware Impact Exploitability Assessment
CVE-2024-0057 An attacker could exploit this by creating a specially crafted X.509 certificate that intentionally introduce or intentionally induces a chain building failure. NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability Important 9.1 No No Security Feature Bypass Exploitation Less Likely
CVE-2024-20674 Scope = Changed, Jump Point = True Windows Kerberos Security Feature Bypass Vulnerability Critical 9 No No Security Feature Bypass Exploitation More Likely
CVE-2024-21318 In a network-based attack, an authenticated attacker, as at least a Site Owner, could write arbitrary code to inject and execute code remotely on the SharePoint Server. Microsoft SharePoint Server Remote Code Execution Vulnerability Important 8.8 No No Remote Code Execution Exploitation More Likely
CVE-2024-21319 Scope = Changed, Jump Point = True Microsoft Identity Denial of service vulnerability Important 8.8 No No Denial of Service Exploitation Less Likely
CVE-2024-0056 Scope = Changed, Jump Point = True

A successful attack could exploit a vulnerability in the SQL Data Provider which allows the attacker to exploit the SQL Server.

Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability Important 8.7 No No Security Feature Bypass Exploitation Less Likely
CVE-2024-20654 Successful exploitation of this vulnerability simply requires the attacker or targeted user to leverage a Microsoft Access application to automatically talk to a SQL Server while utilizing a remote SQL Server address that they control. Microsoft ODBC Driver Remote Code Execution Vulnerability Important 8 No No Remote Code Execution Exploitation Less Likely
CVE-2024-20676 Scope = Changed, Jump Point = True

In this situation a successful exploit could let attacker gain access to the network where the agent is installed which could lead to accessing other assets in that network.

Azure Storage Mover Remote Code Execution Vulnerability Important 8 No No Remote Code Execution Exploitation Less Likely
CVE-2024-20653 An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Microsoft Common Log File System Elevation of Privilege Vulnerability Important 7.8 No No Elevation of Privilege Exploitation More Likely
CVE-2024-20656 An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Visual Studio Elevation of Privilege Vulnerability Important 7.8 No No Elevation of Privilege Exploitation Less Likely
CVE-2024-20658 An attacker who successfully exploited this vulnerability could gain privilege escalation in the processing of .vhdx files in the Windows Kernel. Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability Important 7.8 No No Elevation of Privilege Exploitation Less Likely
CVE-2024-20677 Microsoft Office Remote Code Execution Vulnerability Important 7.8 No No Remote Code Execution Exploitation Less Likely
CVE-2024-20681 An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Subsystem for Linux Elevation of Privilege Vulnerability Important 7.8 No No Elevation of Privilege Exploitation Less Likely
CVE-2024-20682 Windows Cryptographic Services Remote Code Execution Vulnerability Important 7.8 No No Remote Code Execution Exploitation Less Likely
CVE-2024-20683 An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Win32k Elevation of Privilege Vulnerability Important 7.8 No No Elevation of Privilege Exploitation More Likely
CVE-2024-20686 An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Win32k Elevation of Privilege Vulnerability Important 7.8 No No Elevation of Privilege Exploitation More Likely
CVE-2024-20698 An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No Elevation of Privilege Exploitation More Likely
CVE-2024-21309 An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Important 7.8 No No Elevation of Privilege Exploitation Less Likely
CVE-2024-21310 An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Important 7.8 No No Elevation of Privilege Exploitation More Likely
CVE-2024-20700 Windows Hyper-V Remote Code Execution Vulnerability Critical 7.5 No No Remote Code Execution Exploitation Less Likely
CVE-2024-20652 Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability. Windows HTML Platforms Security Feature Bypass Vulnerability Important 7.5 No No Security Feature Bypass Exploitation More Likely
CVE-2024-20661 Microsoft Message Queuing Denial of Service Vulnerability Important 7.5 No No Denial of Service Exploitation Less Likely
CVE-2024-20672 .NET Core and Visual Studio Denial of Service Vulnerability Important 7.5 No No Denial of Service Exploitation Less Likely
CVE-2024-20687 Microsoft AllJoyn API Denial of Service Vulnerability Important 7.5 No No Denial of Service Exploitation Less Likely
CVE-2024-21307 Remote Desktop Client Remote Code Execution Vulnerability Important 7.5 No No Remote Code Execution Exploitation More Likely
CVE-2024-21312 .NET Framework Denial of Service Vulnerability Important 7.5 No No Denial of Service Exploitation Less Likely
CVE-2024-20696 Windows Libarchive Remote Code Execution Vulnerability Important 7.3 No No Remote Code Execution Exploitation Less Likely
CVE-2024-20697 Windows Libarchive Remote Code Execution Vulnerability Important 7.3 No No Remote Code Execution Exploitation Less Likely
CVE-2024-20657 An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Windows Group Policy Elevation of Privilege Vulnerability Important 7 No No Elevation of Privilege Exploitation Less Likely
CVE-2024-20655 Microsoft Online Certificate Status Protocol (OCSP) Remote Code Execution Vulnerability Important 6.6 No No Remote Code Execution Exploitation Less Likely
CVE-2024-20666 BitLocker Security Feature Bypass Vulnerability Important 6.6 No No Security Feature Bypass Exploitation Less Likely
CVE-2024-20660 An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Microsoft Message Queuing Information Disclosure Vulnerability Important 6.5 No No Information Disclosure Exploitation Less Likely
CVE-2024-20663 An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Windows Message Queuing Client (MSMQC) Information Disclosure Important 6.5 No No Information Disclosure Exploitation Less Likely
CVE-2024-20664 An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Microsoft Message Queuing Information Disclosure Vulnerability Important 6.5 No No Information Disclosure Exploitation Less Likely
CVE-2024-20680 An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Windows Message Queuing Client (MSMQC) Information Disclosure Important 6.5 No No Information Disclosure Exploitation Less Likely
CVE-2024-20690 Windows Nearby Sharing Spoofing Vulnerability Important 6.5 No No Spoofing Exploitation Less Likely
CVE-2024-21314 An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Microsoft Message Queuing Information Disclosure Vulnerability Important 6.5 No No Information Disclosure Exploitation Less Likely
CVE-2024-21320 Windows Themes Spoofing Vulnerability Important 6.5 No No Spoofing Exploitation Less Likely
CVE-2024-21316 Windows Server Key Distribution Service Security Feature Bypass Important 6.1 No No Security Feature Bypass Exploitation Less Likely
CVE-2024-20692 Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability Important 5.7 No No Information Disclosure Exploitation Less Likely
CVE-2024-21306 Microsoft Bluetooth Driver Spoofing Vulnerability Important 5.7 No No Spoofing Exploitation Less Likely
CVE-2024-20694 An attacker who successfully exploited this vulnerability could potentially read small portions of stack memory. Windows CoreMessaging Information Disclosure Vulnerability Important 5.5 No No Information Disclosure Exploitation Less Likely
CVE-2024-20699 An authenticated attacker could run a specially crafted application on a vulnerable Hyper-V guest to exploit this vulnerability which, if successful, could potentially interact with processes of another Hyper-V guest hosted on the same Hyper-V host. Windows Hyper-V Denial of Service Vulnerability Important 5.5 No No Denial of Service Exploitation Less Likely
CVE-2024-21311 An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Windows Cryptographic Services Information Disclosure Vulnerability Important 5.5 No No Information Disclosure Exploitation Less Likely
CVE-2024-21313 Windows TCP/IP Information Disclosure Vulnerability Important 5.3 No No Information Disclosure Exploitation Less Likely
CVE-2024-20662 Windows Online Certificate Status Protocol (OCSP) Information Disclosure Vulnerability Important 4.9 No No Information Disclosure Exploitation Less Likely
CVE-2024-20691 Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. Windows Themes Information Disclosure Vulnerability Important 4.7 No No Information Disclosure Exploitation Less Likely
CVE-2024-21305 Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability Important 4.4 No No Security Feature Bypass Exploitation Less Likely
CVE-2024-21325 Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution Vulnerability Important NA No No Remote Code Execution Exploitation Less Likely