{"id":23651,"date":"2024-01-13T12:29:03","date_gmt":"2024-01-13T20:29:03","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2024\/01\/13\/news-17381\/"},"modified":"2024-01-13T12:29:03","modified_gmt":"2024-01-13T20:29:03","slug":"news-17381","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2024\/01\/13\/news-17381\/","title":{"rendered":"2024\u2019s first Patch Tuesday steps lightly"},"content":{"rendered":"<p><strong>Credit to Author: Angela Gunn| Date: Tue, 09 Jan 2024 22:03:14 +0000<\/strong><\/p>\n<div class=\"entry-content lg:prose-lg mx-auto prose max-w-4xl\">\n<p>January isn\u2019t traditionally the lightest month on patch managers\u2019 calendars, so a second month of (relatively) few Microsoft releases is a bit of a treat. On Tuesday the company released 48 CVEs, including 38 for Windows. Eight other product groups or tools are also affected. Of the CVEs addressed, just two are considered Critical in severity by Microsoft; both affect Windows.<\/p>\n<p>At patch time, none of the issues are known to be under exploit in the wild, and none have been publicly disclosed. However, nine of the addressed vulnerabilities in Windows and SharePoint (including one of the Critical-severity CVEs, affecting Kerberos) are by the company\u2019s estimation more likely to be exploited in the next 30 days. Four of those are amenable to detection by Sophos protections, and we include information on those in a table below.<\/p>\n<p>In addition to the 48 patches the release included information on four Chrome CVEs (released last week) that affect Edge, and one MITRE-issued CVE touching the open-source database engine SQLite. (There are no Adobe offerings this month.) We don\u2019t include those issues in the CVE counts and graphics below, but we provide information on everything in an appendix at the end of the article. We are as usual including at the end of this post three other appendices listing all Microsoft\u2019s patches, sorted by severity, by predicted exploitability, and by product family.<\/p>\n<h3>By the numbers<\/h3>\n<ul>\n<li>Total Microsoft CVEs: 48<\/li>\n<li>Total Microsoft advisories shipping in update: 0<\/li>\n<li>Total Edge \/ Chrome issues covered in update: 4<\/li>\n<li>Publicly disclosed: 0<\/li>\n<li>Exploited: 0<\/li>\n<li>Severity\n<ul>\n<li>Critical: 2<\/li>\n<li>Important: 46<\/li>\n<\/ul>\n<\/li>\n<li>Impact\n<ul>\n<li>Information Disclosure: 12<\/li>\n<li>Remote Code Execution: 11<\/li>\n<li>Elevation of Privilege: 10<\/li>\n<li>Denial of Service: 6<\/li>\n<li>Security Feature Bypass: 6<\/li>\n<li>Spoofing: 3<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><a href=\"https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/01\/figure-01.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-953251\" src=\"https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/01\/figure-01.png\" alt=\"A bar chart showing the distribution of January 2024 patches by impact, then severity; information conveyed in article text\" width=\"640\" height=\"417\" srcset=\"https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/01\/figure-01.png 838w, https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/01\/figure-01.png?resize=300,195 300w, https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/01\/figure-01.png?resize=768,500 768w\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" \/><\/a><\/p>\n<p><em>Figure 1: You\u2019re reading the labels correctly: Information-disclosure issues outnumber both EoP and RCE bugs in January. Security feature bypass issues \u2013 one of them Critical-severity &#8212; also make a strong showing<\/em><\/p>\n<h3><strong>Products<\/strong><\/h3>\n<ul>\n<li>Windows: 38<\/li>\n<li>.NET: 5 (including on shared with Visual Studio; one shared with Microsoft Identity Model \/ NuGet and Visual Studio; and one shared with Azure, SQL Server, and Visual Studio)<\/li>\n<li>Visual Studio: 4 (including one shared with .NET; one shared with .NET and Microsoft Identity Model \/ NuGet; and one shared with .NET, Azure, and SQL Server)<\/li>\n<li>Azure: 2 (including one shared with .NET, SQL Server, and Visual Studio)<\/li>\n<li>Microsoft Identity Model \/ NuGet: 1 (shared with .NET and Visual Studio)<\/li>\n<li>Microsoft Printer Metadata Troubleshooter Tool: 1<\/li>\n<li>Office: 1<\/li>\n<li>SharePoint: 1<\/li>\n<li>SQL Server: 1 (shared with .NET, Azure, and Visual Studio)<\/li>\n<\/ul>\n<p><a href=\"https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/01\/figure-02.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-953252\" src=\"https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/01\/figure-02.png\" alt=\"A bar chart showing distribution of January 2024 patches by product family; information conveyed in text\" width=\"640\" height=\"424\" srcset=\"https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/01\/figure-02.png 814w, https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/01\/figure-02.png?resize=300,199 300w, https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/01\/figure-02.png?resize=768,509 768w\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" \/><\/a><\/p>\n<p><em>Figure 2: Windows is heavily represented in this month\u2019s patches, but several less-familiar tools and applications are also in the mix (full names shown in tables below)<\/em><\/p>\n<p><strong>Notable January updates<\/strong><\/p>\n<p>In addition to the issues discussed above, a few specific items are worth noting.<\/p>\n<p><strong>CVE-2024-0057 &#8212; .NET, .NET Framework, and Visual Studio Framework Security Feature Bypass Vulnerability<br \/> CVE-2024-20674 &#8212; Windows Kerberos Security Feature Bypass Vulnerability<\/strong><\/p>\n<p>Of this pair of security feature bypass issues, Microsoft deems only the Kerberos issue to be Critical-class. The CVSS scoring system begs to differ, since the guide to that scoring system requires that scorers consider feasible worst-case scenarios when evaluating bugs in software libraries. Their CVSS base scores are thus 9.1 and 9.0 respectively. In any case, admins are encouraged to prioritize these two patches.<\/p>\n<p><strong>CVE-2024-20696 \u2013 Windows Libarchive Remote Code Execution Vulnerability<br \/> CVE-2024-20697 \u2013 Windows Libarchive Remote Code Execution Vulnerability<\/strong><\/p>\n<p>The information available on these two identically named Important-class RCEs is scant, but there\u2019s a big clue to their importance in the title: These two issues affect Libarchive, the engine for reading and writing in various compression and archive formats.<\/p>\n<p><strong>CVE-2024-20666 \u2013 BitLocker Security Feature Bypass Vulnerability<\/strong><\/p>\n<p>Another security feature bypass, this time in a security feature. This issue stands out for some fairly nuanced requirements around servicing the Safe OS; for most versions of Windows 11 this is now a fully automated process, and those relying on WSUS are automatically updated, but those working in more complex environments are strongly encouraged to check Microsoft\u2019s published guidance for specific instructions. In any case, the attacker requires physical access to the targeted machine.<\/p>\n<p><strong>CVE-2024-21305 &#8212; Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability<\/strong><\/p>\n<p>The CVE with the lowest CVSS base score this month has something in common with the two highest-scoring CVEs: It\u2019s yet another security feature bypass. This one, however, rates a mere 4.4 base score and requires the attacker to have physical access to the targeted machine <em>and<\/em> to have previously compromised admin credentials. It affects an assortment of Windows client and server versions and, for those still running that hardware, 15 versions of the Surface.<\/p>\n<h3><strong>Sophos protections<\/strong><\/h3>\n<p>&nbsp;<\/p>\n<p>As you can every month, if you don\u2019t want to wait for your system to pull down Microsoft\u2019s updates itself, you can download them manually from the Windows Update Catalog website. Run the <strong>winver.exe <\/strong>tool to determine which build of Windows 10 or 11 you\u2019re running, then download the Cumulative Update package for your specific system\u2019s architecture and build number.<\/p>\n<h3><strong>Appendix A: Vulnerability Impact and Severity<\/strong><\/h3>\n<p>This is a list of January patches sorted by impact, then sub-sorted by severity. Each list is further arranged by CVE.<\/p>\n<p><strong>Information Disclosure (12 CVEs)<\/strong><\/p>\n<table>\n<tbody>\n<tr>\n<td colspan=\"2\" width=\"601\"><strong>Important severity<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-0056<\/td>\n<td width=\"469\">Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Information Disclosure Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20660<\/td>\n<td width=\"469\">Windows Message Queuing Client Information Disclosure Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20662<\/td>\n<td width=\"469\">Windows Online Certificate Status Protocol (OCSP) Information Disclosure Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20663<\/td>\n<td width=\"469\">Windows Message Queuing Client (MSMQC) Information Disclosure<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20664<\/td>\n<td width=\"469\">Microsoft Message Queuing Client Information Disclosure Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20680<\/td>\n<td width=\"469\">Windows Message Queuing Client (MSMQC) Information Disclosure<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20691<\/td>\n<td width=\"469\">Windows Themes Information Disclosure Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20692<\/td>\n<td width=\"469\">Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20694<\/td>\n<td width=\"469\">Windows CoreMessaging Information Disclosure\u00a0 Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-21311<\/td>\n<td width=\"469\">Windows Cryptographic Services Information Disclosure Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-21313<\/td>\n<td width=\"469\">Windows TCP\/IP Information Disclosure Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-21314<\/td>\n<td width=\"469\">Windows Message Queuing Client (MSMQC) Information Disclosure<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<p><strong>Remote Code Execution (11 CVEs)<\/strong><\/p>\n<table>\n<tbody>\n<tr>\n<td colspan=\"2\" width=\"601\"><strong>Critical severity<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20700<\/td>\n<td width=\"469\">Windows Hyper-V Remote Code Execution Vulnerability<\/td>\n<\/tr>\n<tr>\n<td colspan=\"2\" width=\"601\"><strong>Important severity<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20654<\/td>\n<td width=\"469\">Microsoft ODBC Driver Remote Code Execution Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20655<\/td>\n<td width=\"469\">Microsoft Online Certificate Status Protocol (OCSP) Remote Code Execution Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20676<\/td>\n<td width=\"469\">Azure Storage Mover Remote Code Execution Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20677<\/td>\n<td width=\"469\">Microsoft Office Remote Code Execution Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20682<\/td>\n<td width=\"469\">Windows Cryptographic Services Remote Code Execution Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20696<\/td>\n<td width=\"469\">Windows Libarchive Remote Code Execution Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20697<\/td>\n<td width=\"469\">Windows Libarchive Remote Code Execution Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-21307<\/td>\n<td width=\"469\">Remote Desktop Client Remote Code Execution Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-21318<\/td>\n<td width=\"469\">Microsoft SharePoint Server Remote Code Execution Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-21325<\/td>\n<td width=\"469\">Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution Vulnerability<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<p><strong>Elevation of Privilege (10 CVEs)<\/strong><\/p>\n<table>\n<tbody>\n<tr>\n<td colspan=\"2\" width=\"601\"><strong>Important severity<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20653<\/td>\n<td width=\"469\">Microsoft Common Log File System Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20656<\/td>\n<td width=\"469\">Visual Studio Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20657<\/td>\n<td width=\"469\">Windows Group Policy Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20658<\/td>\n<td width=\"469\">Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20681<\/td>\n<td width=\"469\">Windows Subsystem for Linux Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20683<\/td>\n<td width=\"469\">Win32k Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20686<\/td>\n<td width=\"469\">Win32k Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20698<\/td>\n<td width=\"469\">Windows Kernel Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-21309<\/td>\n<td width=\"469\">Windows Kernel-Mode Driver Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-21310<\/td>\n<td width=\"469\">Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<p><strong>Denial of Service (6 CVEs)<\/strong><\/p>\n<table>\n<tbody>\n<tr>\n<td colspan=\"2\" width=\"601\"><strong>Important severity<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20661<\/td>\n<td width=\"469\">Microsoft Message Queuing Denial of Service Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20672<\/td>\n<td width=\"469\">.NET Core and Visual Studio Denial of Service Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20687<\/td>\n<td width=\"469\">Microsoft AllJoyn API Denial of Service Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20699<\/td>\n<td width=\"469\">Windows Hyper-V Denial of Service Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-21312<\/td>\n<td width=\"469\">.NET Framework Denial of Service Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-21319<\/td>\n<td width=\"469\">Microsoft Identity Denial of Service Vulnerability<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><strong>\u00a0<\/strong><\/p>\n<p><strong>Security Feature Bypass (6 CVEs)<\/strong><\/p>\n<table>\n<tbody>\n<tr>\n<td colspan=\"2\" width=\"601\"><strong>Critical severity<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20674<\/td>\n<td width=\"469\">Windows Kerberos Security Feature Bypass Vulnerability<\/td>\n<\/tr>\n<tr>\n<td colspan=\"2\" width=\"601\"><strong>Important Severity<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-0057<\/td>\n<td width=\"469\">.NET, .NET Framework, and Visual Studio Framework Security Feature Bypass Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20652<\/td>\n<td width=\"469\">Windows HTML Platforms Security Feature Bypass Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20666<\/td>\n<td width=\"469\">BitLocker Security Feature Bypass Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-21305<\/td>\n<td width=\"469\">Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-21316<\/td>\n<td width=\"469\">Windows Server Key Distribution Service Security Feature Bypass<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><strong>\u00a0<\/strong><\/p>\n<p><strong>Spoofing (3 CVEs)<\/strong><\/p>\n<table>\n<tbody>\n<tr>\n<td colspan=\"2\" width=\"601\"><strong>Important severity<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20690<\/td>\n<td width=\"469\">Windows Nearby Sharing Spoofing Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-21306<\/td>\n<td width=\"469\">Microsoft Bluetooth Driver Spoofing Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-21320<\/td>\n<td width=\"469\">Windows Themes Spoofing Vulnerability<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<h3><strong>Appendix B: Exploitability<\/strong><\/h3>\n<p>This is a list of the January CVEs judged by Microsoft to be more likely to be exploited in the wild within the first 30 days post-release. Each list is further arranged by CVE. No CVEs addressed in the January patch collection are known to be under active exploit in the wild yet.<\/p>\n<table>\n<tbody>\n<tr>\n<td colspan=\"2\" width=\"601\"><strong>Exploitation more likely within 30 days<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20652<\/td>\n<td width=\"469\">Windows HTML Platforms Security Feature Bypass Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20653<\/td>\n<td width=\"469\">Microsoft Common Log File System Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20674<\/td>\n<td width=\"469\">Windows Kerberos Security Feature Bypass Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20683<\/td>\n<td width=\"469\">Win32k Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20686<\/td>\n<td width=\"469\">Win32k Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20698<\/td>\n<td width=\"469\">Windows Kernel Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-21307<\/td>\n<td width=\"469\">Remote Desktop Client Remote Code Execution Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-21310<\/td>\n<td width=\"469\">Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-21318<\/td>\n<td width=\"469\">Microsoft SharePoint Server Remote Code Execution Vulnerability<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<h3><strong>\u00a0<\/strong><strong>Appendix C: Products Affected<\/strong><\/h3>\n<p>This is a list of December\u2019s patches sorted by product family, then sub-sorted by severity. Each list is further arranged by CVE. Patches that are shared among multiple product families are listed multiple times, once for each product family.<\/p>\n<p><strong>Windows (38 CVEs)<\/strong><\/p>\n<table>\n<tbody>\n<tr>\n<td colspan=\"2\" width=\"601\"><strong>Critical severity<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20674<\/td>\n<td width=\"469\">Windows Kerberos Security Feature Bypass Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20700<\/td>\n<td width=\"469\">Windows Hyper-V Remote Code Execution Vulnerability<\/td>\n<\/tr>\n<tr>\n<td colspan=\"2\" width=\"601\"><strong>Important severity<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20652<\/td>\n<td width=\"469\">Windows HTML Platforms Security Feature Bypass Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20653<\/td>\n<td width=\"469\">Microsoft Common Log File System Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20654<\/td>\n<td width=\"469\">Microsoft ODBC Driver Remote Code Execution Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20655<\/td>\n<td width=\"469\">Microsoft Online Certificate Status Protocol (OCSP) Remote Code Execution Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20657<\/td>\n<td width=\"469\">Windows Group Policy Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20658<\/td>\n<td width=\"469\">Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20660<\/td>\n<td width=\"469\">Windows Message Queuing Client Information Disclosure Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20661<\/td>\n<td width=\"469\">Microsoft Message Queuing Denial of Service Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20662<\/td>\n<td width=\"469\">Windows Online Certificate Status Protocol (OCSP) Information Disclosure Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20663<\/td>\n<td width=\"469\">Windows Message Queuing Client (MSMQC) Information Disclosure<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20664<\/td>\n<td width=\"469\">Microsoft Message Queuing Client Information Disclosure Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20666<\/td>\n<td width=\"469\">BitLocker Security Feature Bypass Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20680<\/td>\n<td width=\"469\">Windows Message Queuing Client (MSMQC) Information Disclosure<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20681<\/td>\n<td width=\"469\">Windows Subsystem for Linux Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20682<\/td>\n<td width=\"469\">Windows Cryptographic Services Remote Code Execution Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20683<\/td>\n<td width=\"469\">Win32k Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20686<\/td>\n<td width=\"469\">Win32k Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20687<\/td>\n<td width=\"469\">Microsoft AllJoyn API Denial of Service Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20690<\/td>\n<td width=\"469\">Windows Nearby Sharing Spoofing Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20691<\/td>\n<td width=\"469\">Windows Themes Information Disclosure Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20692<\/td>\n<td width=\"469\">Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20694<\/td>\n<td width=\"469\">Windows CoreMessaging Information Disclosure\u00a0 Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20696<\/td>\n<td width=\"469\">Windows Libarchive Remote Code Execution Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20697<\/td>\n<td width=\"469\">Windows Libarchive Remote Code Execution Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20698<\/td>\n<td width=\"469\">Windows Kernel Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20699<\/td>\n<td width=\"469\">Windows Hyper-V Denial of Service Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-21305<\/td>\n<td width=\"469\">Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-21306<\/td>\n<td width=\"469\">Microsoft Bluetooth Driver Spoofing Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-21307<\/td>\n<td width=\"469\">Remote Desktop Client Remote Code Execution Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-21309<\/td>\n<td width=\"469\">Windows Kernel-Mode Driver Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-21310<\/td>\n<td width=\"469\">Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-21311<\/td>\n<td width=\"469\">Windows Cryptographic Services Information Disclosure Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-21313<\/td>\n<td width=\"469\">Windows TCP\/IP Information Disclosure Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-21314<\/td>\n<td width=\"469\">Windows Message Queuing Client (MSMQC) Information Disclosure<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-21316<\/td>\n<td width=\"469\">Windows Server Key Distribution Service Security Feature Bypass<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-21320<\/td>\n<td width=\"469\">Windows Themes Spoofing Vulnerability<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<p><strong>.NET (5 CVEs)<\/strong><\/p>\n<table>\n<tbody>\n<tr>\n<td colspan=\"2\" width=\"601\"><strong>Important severity<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-0056<\/td>\n<td width=\"469\">Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Information Disclosure Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-0057<\/td>\n<td width=\"469\">.NET, .NET Framework, and Visual Studio Framework Security Feature Bypass Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20672<\/td>\n<td width=\"469\">.NET Core and Visual Studio Denial of Service Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-21312<\/td>\n<td width=\"469\">.NET Framework Denial of Service Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-21319<\/td>\n<td width=\"469\">Microsoft Identity Denial of Service Vulnerability<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<p><strong>Visual Studio (4 CVEs)<\/strong><\/p>\n<table>\n<tbody>\n<tr>\n<td colspan=\"2\" width=\"601\"><strong>Important severity<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-0056<\/td>\n<td width=\"469\">Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Information Disclosure Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-0057<\/td>\n<td width=\"469\">.NET, .NET Framework, and Visual Studio Framework Security Feature Bypass Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20656<\/td>\n<td width=\"469\">Visual Studio Elevation of Privilege Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-21319<\/td>\n<td width=\"469\">Microsoft Identity Denial of Service Vulnerability<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<p><strong>Azure (2 CVEs)<\/strong><\/p>\n<table>\n<tbody>\n<tr>\n<td colspan=\"2\" width=\"601\"><strong>Important severity<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-0056<\/td>\n<td width=\"469\">Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Information Disclosure Vulnerability<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20676<\/td>\n<td width=\"469\">Azure Storage Mover Remote Code Execution Vulnerability<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<p><strong>Microsoft Identity Model (1 CVE)<\/strong><\/p>\n<table>\n<tbody>\n<tr>\n<td colspan=\"2\" width=\"601\"><strong>Important severity<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-21319<\/td>\n<td width=\"469\">Microsoft Identity Denial of Service Vulnerability<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<p><strong>Microsoft Printer Metadata Troubleshooter Tool (1 CVE)<\/strong><\/p>\n<table>\n<tbody>\n<tr>\n<td colspan=\"2\" width=\"601\"><strong>Important severity<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-21325<\/td>\n<td width=\"469\">Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution Vulnerability<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><strong>\u00a0<\/strong><\/p>\n<p><strong>Office (1 CVE)<\/strong><\/p>\n<table>\n<tbody>\n<tr>\n<td colspan=\"2\" width=\"601\"><strong>Important severity<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-20677<\/td>\n<td width=\"469\">Microsoft Office Remote Code Execution Vulnerability<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<p><strong>SharePoint (1 CVE)<\/strong><\/p>\n<table>\n<tbody>\n<tr>\n<td colspan=\"2\" width=\"601\"><strong>Important severity<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-21318<\/td>\n<td width=\"469\">Microsoft SharePoint Server Remote Code Execution Vulnerability<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<p><strong>SQL Server (1 CVE)<\/strong><\/p>\n<table>\n<tbody>\n<tr>\n<td colspan=\"2\" width=\"601\"><strong>Important severity<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-0056<\/p>\n<p>&nbsp;<\/td>\n<td width=\"469\">Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Information Disclosure Vulnerability<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<h3><strong>Appendix D: Advisories and Other Products<\/strong><\/h3>\n<p>This is a list of advisories and information on other relevant CVEs in the December Microsoft release, sorted by product.<\/p>\n<p><strong>Relevant to Edge \/ Chromium (4 CVEs)<\/strong><\/p>\n<table>\n<tbody>\n<tr>\n<td width=\"132\">CVE-2024-0222<\/td>\n<td width=\"469\">Chromium: CVE-2024-0222 Use after free in ANGLE<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-0223<\/td>\n<td width=\"469\">Chromium: CVE-2024-0223 Heap buffer overflow in ANGLE<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-0224<\/td>\n<td width=\"469\">Chromium: CVE-2024-0224 Use after free in WebAudio<\/td>\n<\/tr>\n<tr>\n<td width=\"132\">CVE-2024-0225<\/td>\n<td width=\"469\">Chromium: CVE-2024-0225 Use after free in WebGPU<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<p><strong>Relevant to Windows (third-party product) (one CVE)<\/strong><\/p>\n<table>\n<tbody>\n<tr>\n<td width=\"132\">CVE-2022-35737<\/td>\n<td width=\"469\">MITRE: CVE-2022-35737 SQLite allows an array-bounds overflow<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/li>\n<\/ul><\/div>\n<p><a href=\"https:\/\/news.sophos.com\/en-us\/2024\/01\/09\/2024s-first-patch-tuesday-steps-lightly\/\" target=\"bwo\" >http:\/\/feeds.feedburner.com\/sophos\/dgdY<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/01\/2401-hero.png\"\/><\/p>\n<p><strong>Credit to Author: Angela Gunn| Date: Tue, 09 Jan 2024 22:03:14 +0000<\/strong><\/p>\n<p>Four dozen fixes and a handful of advisories make for the quietest January since 2020<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10377],"tags":[129,30680,10516,19245,30681,16771,10525],"class_list":["post-23651","post","type-post","status-publish","format-standard","hentry","category-security","category-sophos","tag-featured","tag-kerberos","tag-microsoft","tag-patch-tuesday","tag-security-feature-bypass","tag-threat-research","tag-windows"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/23651","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=23651"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/23651\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=23651"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=23651"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=23651"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}