Microsoft starts off new year with relatively light Patch Tuesday, no zero-days
One of the critical vulnerabilities patched Tuesday is CVE-2024-20674, a security bypass vulnerability in the Windows Kerberos authentication protocol.
Tuesday, January 9, 2024 13:58
Microsoft followed up one of the lightest recent Patch Tuesdays in December with another month of no zero-day vulnerabilities and only two critical issues.
Many of the company’s monthly security updates in 2023 included vulnerabilities that were actively being exploited in the wild or had publicly available exploits already in circulation.
The company started out 2024 by disclosing 48 vulnerabilities on Tuesday across its suite of products and services, 46 of which are considered of “important” severity.
One of the critical vulnerabilities patched Tuesday is CVE-2024-20674, a security bypass vulnerability in the Windows Kerberos authentication protocol. An attacker could carry out a man-in-the-middle attack to exploit this vulnerability and spoof the Kerberos authentication server, thereby bypassing the authentication process.
Because of Kerberos’ presence on several of the most popular operating systems, Microsoft considers this vulnerability “more likely” to be exploited.
The other critical issue is CVE-2024-20700, which can lead to remote code execution. This vulnerability in Windows Hyper-V can be exploited if an adversary wins a race condition. Also, they must first gain access to a restricted network before an exploit can work.
There are two other remote code execution vulnerabilities that are worth mentioning, both of which Microsoft considers to be of “important” severity: CVE-2024-21307, which exists in Windows Remote Desktop Client, and CVE-2024-21318, which affects SharePoint Server.
In the case of CVE-2024-21307, the vulnerability can be triggered if an authenticated user connects to a malicious remote desktop server where the remote desktop host server sends a specially crafted Server RDP Preconnection that targets the remote client’s drive redirection virtual channel. This could lead to remote code execution on the victim’s machine.
CVE-2024-21318 is comparatively easy for an attacker to exploit in principle, requiring only that they write and inject specific code into SharePoint Server.
The Windows Kernel also contains an elevation of privilege vulnerability, CVE-2024-20698, which could allow an attacker to gain SYSTEM privileges. There is little other information on how an attacker could exploit this vulnerability.
A complete list of all the other vulnerabilities Microsoft disclosed this month is available on its update page.
In response to these vulnerability disclosures, Talos is releasing a new Snort rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Cisco Security Firewall customers should use the latest update to their ruleset by updating their SRU. Open-source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org.
The rules included in this release that protect against the exploitation of many of these vulnerabilities are 62847 – 62850 and 62854 – 62861. There are also Snort 3 rules 300797 – 300802.
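The SID ranges above are the practical handle a defender has on this release: after pulling a rule update, it is worth confirming that every listed SID is actually present and enabled in the deployed rule files rather than assuming the pack covered them. The script below is an added example, not Talos tooling or part of the original post; the rule lines it parses are constructed for demonstration and are not real Talos rule content, and only the SID ranges come from the advisory text. It treats a commented-out rule as missing, since a disabled rule provides no detection.

```python
"""Check that a Snort rule file contains (and has enabled) the SIDs named in a Patch Tuesday release.

Added example, not Talos's own tooling. The sample rule text is constructed for
demonstration; only the SID ranges are taken from the advisory.
"""
import re

# SID ranges quoted in the advisory (inclusive).
SNORT2_RANGES = [(62847, 62850), (62854, 62861)]
SNORT3_RANGES = [(300797, 300802)]

# Matches the "sid:NNNN;" option inside a rule body.
SID_RE = re.compile(r"\bsid:\s*(\d+)\s*;")


def expected_sids(ranges):
    """Expand inclusive (low, high) ranges into the full set of SIDs."""
    return {sid for lo, hi in ranges for sid in range(lo, hi + 1)}


def sids_in_rules(rule_text):
    """Return the SIDs of active rules; lines commented out with '#' are ignored."""
    found = set()
    for line in rule_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank line or disabled rule: no detection value
        match = SID_RE.search(stripped)
        if match:
            found.add(int(match.group(1)))
    return found


def coverage_report(rule_text, ranges):
    """Compare the advisory's SIDs against the active SIDs in a rule file."""
    expected = expected_sids(ranges)
    present = sids_in_rules(rule_text)
    return {
        "present": sorted(expected & present),
        "missing": sorted(expected - present),
    }


# Constructed sample rule file (hypothetical content, not real Talos rules).
# One advisory SID is present but commented out, so it counts as missing.
SAMPLE_RULES = """
# constructed sample, not real Talos rule content
alert tcp any any -> any 88 (msg:"EXAMPLE rule one"; sid:62847; rev:1;)
alert tcp any any -> any 3389 (msg:"EXAMPLE rule two"; sid:62848; rev:1;)
# alert tcp any any -> any 3389 (msg:"EXAMPLE disabled rule"; sid:62849; rev:1;)
alert tcp any any -> any 445 (msg:"EXAMPLE unrelated rule"; sid:1000001; rev:1;)
"""

if __name__ == "__main__":
    report = coverage_report(SAMPLE_RULES, SNORT2_RANGES)
    print("present:", report["present"])
    print("missing:", report["missing"])
```

In production you would pass the contents of the deployed `.rules` files instead of the constructed sample and run the same check against the Snort 3 range; a non-empty `missing` list means the update has not landed or a relevant rule is disabled.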