In its recent Patch Tuesday updates for January 2024, Microsoft has diligently addressed 48 security flaws across its software, underlining its commitment to fortifying cyber security. Notably, the absence of zero-day vulnerabilities for the second consecutive Patch Tuesday signifies a proactive approach to security. This blog post delves into the critical vulnerabilities patched this month and outlines detailed remediation steps for users.

Technical Details:

• Update Overview: January 2024 Windows Update
• Total Vulnerabilities Patched: 48
• Severity Levels: Include breakdown of vulnerabilities by severity (Critical, High, Moderate, Low)
• Affected Systems: List the versions of Windows and related software impacted
• Notable Vulnerabilities: Highlight any particularly noteworthy or severe vulnerabilities

Critical Vulnerabilities:

Among the 48 bugs, two have been classified as Critical, while 46 are rated as Important in severity. The most critical vulnerabilities patched this month are highlighted below:

• CVE-2024-20674 (CVSS score: 9.0) – Windows Kerberos Security Feature Bypass Vulnerability:

This flaw allows for impersonation by bypassing the authentication feature. An authenticated attacker could exploit this vulnerability through a machine-in-the-middle (MitM) attack or local network spoofing technique, sending a malicious Kerberos message to the victim machine.

Note: Successful exploitation requires an attacker to gain access to the restricted network first.

• CVE-2024-20700 (CVSS score: 7.5) – Windows Hyper-V Remote Code Execution Vulnerability:

This vulnerability does not require authentication or user interaction for remote code execution.

The exact location of the attacker for successful exploitation is unclear, whether on the LAN where the hypervisor resides or within a virtual network created and managed by the hypervisor.

Note: Winning a race condition is a prerequisite for staging an attack.

Other Notable Flaws:

Apart from the critical vulnerabilities, several other notable flaws have been addressed in the January 2024 Patch Tuesday:

• CVE-2024-20653 (CVSS score: 7.8): Privilege escalation flaw impacting the Common Log File System (CLFS) driver.
• CVE-2024-0056 (CVSS score: 8.7): Security bypass affecting System.Data.SqlClient and Microsoft.Data.SqlClient, enabling a machine-in-the-middle attack for decrypting and modifying TLS traffic.

Proactive Security Measures:

• Microsoft is taking proactive steps to enhance security beyond vulnerability patches. These measures include:
• Disabling the ability to insert FBX files in Word, Excel, PowerPoint, and Outlook in Windows by default (CVE-2024-20677, CVSS score: 7.8).
• Addressing a security flaw to prevent potential remote code execution.

Remediation Steps:

• Ensure that all systems running Windows are updated with the January 2024 patch immediately. Delaying these updates leaves systems vulnerable to exploitation.
• After applying the updates, review system logs to confirm successful implementation. Verify that all components have been updated correctly to ensure no vulnerability remains unaddressed.
• Intensify monitoring of network traffic and system activities to detect any anomalies or signs of compromise, especially in the context of the recently patched vulnerabilities.
• Regularly scan your systems for vulnerabilities. Even after applying updates, new vulnerabilities can emerge. Continuous scanning helps in early detection and prompt mitigation.
• Educate users about the importance of regular updates and safe computing practices. Awareness can significantly reduce the risk of successful exploits, especially those involving social engineering.