Patch Tuesday is once again upon us. As always, our team has put together the monthly Patch Tuesday Report to help you manage your update progress. The audit report gives you a quick and clear overview of your Windows machines and their patching status. The January 2024 edition of Patch Tuesday brings us 56 new fixes, with 2 rated as critical. We’ve listed the most important changes below.
Windows Kerberos Security Feature Bypass Vulnerability
We start this Patch Tuesday off with CVE-2024-20674, which has a CVSS base score of 9; Microsoft lists it as being more than likely to be exploited. By abusing the vulnerability, an attacker can bypass authentication.
Microsoft provided additional details regarding the exploitation:
An unauthenticated attacker could exploit this vulnerability by establishing a machine-in-the-middle (MITM) attack or other local network spoofing technique, then sending a malicious Kerberos message to the client victim machine to spoof itself as the Kerberos authentication server.
Microsoft
The one major condition is that the attacker will need to access the network first before being able to execute an attack.
Windows Hyper-V Remote Code Execution Vulnerability
The second critical vulnerability this month is one in Hyper-V, CVE-2024-20700. Microsoft doesn’t provide a lot of information on this vulnerability, but unlike the Kerberos vulnerability, this one isn’t listed as being likely to be exploited. Similar to the previous vulnerability, an attacker does need access to the network first.
Microsoft SharePoint Server Remote Code Execution Vulnerability
Another vulnerability that is marked as likely to be exploited is CVE-2024-21318. An attacker does need to have the “Site Owner” permission. If successful, an attacker can inject arbitrary code and execute this code in the context of SharePoint Server.
Run the Patch Tuesday January 2024 Audit
To help manage your update progress, we’ve created the Patch Tuesday Audit that checks if the assets in your network are on the latest patch updates. The report has been color-coded to see which machines are up-to-date and which ones still need to be updated. As always, system administrators are urged to update their environment as soon as possible to ensure all endpoints are secured.
The Lansweeper Patch Tuesday report is automatically added to your Lansweeper Site. Lansweeper Sites is included in all our licenses without any additional cost and allows you to federate all your installations into one single view, so all you need to do is look at one report, automatically added every Patch Tuesday!
Patch Tuesday January 2024 CVE Codes & Titles
CVE Number | CVE Title |
CVE-2024-21320 | Windows Themes Spoofing Vulnerability |
CVE-2024-21319 | Microsoft Identity Denial of service vulnerability |
CVE-2024-21318 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
CVE-2024-21314 | Microsoft Message Queuing Information Disclosure Vulnerability |
CVE-2024-21312 | .NET Framework Denial of Service Vulnerability |
CVE-2024-21311 | Windows Cryptographic Services Information Disclosure Vulnerability |
CVE-2024-21310 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
CVE-2024-21309 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability |
CVE-2024-21306 | Microsoft Bluetooth Driver Spoofing Vulnerability |
CVE-2024-20692 | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability |
CVE-2024-20687 | Microsoft AllJoyn API Denial of Service Vulnerability |
CVE-2024-20686 | Win32k Elevation of Privilege Vulnerability |
CVE-2024-20681 | Windows Subsystem for Linux Elevation of Privilege Vulnerability |
CVE-2024-21316 | Windows Server Key Distribution Service Security Feature Bypass |
CVE-2024-20664 | Microsoft Message Queuing Information Disclosure Vulnerability |
CVE-2024-20663 | Windows Message Queuing Client (MSMQC) Information Disclosure |
CVE-2024-20662 | Windows Online Certificate Status Protocol (OCSP) Information Disclosure Vulnerability |
CVE-2024-20661 | Microsoft Message Queuing Denial of Service Vulnerability |
CVE-2024-20660 | Microsoft Message Queuing Information Disclosure Vulnerability |
CVE-2024-20656 | Visual Studio Elevation of Privilege Vulnerability |
CVE-2024-20655 | Microsoft Online Certificate Status Protocol (OCSP) Remote Code Execution Vulnerability |
CVE-2024-20653 | Microsoft Common Log File System Elevation of Privilege Vulnerability |
CVE-2024-20652 | Windows HTML Platforms Security Feature Bypass Vulnerability |
CVE-2024-0057 | .NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability |
CVE-2024-0056 | Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability |
CVE-2024-20672 | .NET Core and Visual Studio Denial of Service Vulnerability |
CVE-2024-21325 | Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution Vulnerability |
CVE-2024-21313 | Windows TCP/IP Information Disclosure Vulnerability |
CVE-2024-21307 | Remote Desktop Client Remote Code Execution Vulnerability |
CVE-2024-21305 | Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability |
CVE-2024-20700 | Windows Hyper-V Remote Code Execution Vulnerability |
CVE-2024-20699 | Windows Hyper-V Denial of Service Vulnerability |
CVE-2024-20698 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2024-20697 | Windows Libarchive Remote Code Execution Vulnerability |
CVE-2024-20696 | Windows Libarchive Remote Code Execution Vulnerability |
CVE-2022-35737 | MITRE: CVE-2022-35737 SQLite allows an array-bounds overflow |
CVE-2024-20694 | Windows CoreMessaging Information Disclosure Vulnerability |
CVE-2024-20691 | Windows Themes Information Disclosure Vulnerability |
CVE-2024-20690 | Windows Nearby Sharing Spoofing Vulnerability |
CVE-2024-20683 | Win32k Elevation of Privilege Vulnerability |
CVE-2024-20682 | Windows Cryptographic Services Remote Code Execution Vulnerability |
CVE-2024-20680 | Windows Message Queuing Client (MSMQC) Information Disclosure |
CVE-2024-20658 | Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability |
CVE-2024-20657 | Windows Group Policy Elevation of Privilege Vulnerability |
CVE-2024-20654 | Microsoft ODBC Driver Remote Code Execution Vulnerability |
CVE-2024-20676 | Azure Storage Mover Remote Code Execution Vulnerability |
CVE-2024-20677 | Microsoft Office Remote Code Execution Vulnerability |
CVE-2024-20674 | Windows Kerberos Security Feature Bypass Vulnerability |
CVE-2024-20666 | BitLocker Security Feature Bypass Vulnerability |
CVE-2023-36042 | Visual Studio Denial of Service Vulnerability |
CVE-2023-29349 | Microsoft ODBC and OLE DB Remote Code Execution Vulnerability |
CVE-2023-32028 | Microsoft SQL OLE DB Remote Code Execution Vulnerability |
CVE-2023-32027 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
CVE-2023-32026 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
CVE-2023-32025 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
CVE-2023-29356 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |