Microsoft fixed 49 vulnerabilities in its products, including 12 RCEs

Brother
January's Patch Tuesday fixes give users solid protection against system compromise.

Microsoft has released patches for 49 vulnerabilities, including 12 remote code execution vulnerabilities, as part of its monthly Patch Tuesday update cycle in January 2024.

Of all the updates, only 2 vulnerabilities were rated "critical":
  • CVE-2024-20674 (CVSS 9.0), a Windows Kerberos security feature bypass: an attacker who can mount a man-in-the-middle (MitM) attack or use another spoofing technique on the local network can send a malicious Kerberos message to the victim client in order to impersonate the Kerberos authentication server;
  • CVE-2024-20700 (CVSS 7.5), a remote code execution vulnerability in Hyper-V caused by a race condition. Microsoft notes that exploitation is unlikely.

Here is the distribution of updates by vulnerability category:
  • 10 privilege escalation vulnerabilities;
  • 7 security feature bypass vulnerabilities;
  • 12 remote code execution vulnerabilities;
  • 11 information disclosure vulnerabilities;
  • 6 denial of service (DoS) vulnerabilities;
  • 3 spoofing vulnerabilities.

The total number of patched vulnerabilities is 49, not counting the 4 Microsoft Edge vulnerabilities patched earlier in January.

In addition, Microsoft has published articles detailing the cumulative updates KB5034123 for Windows 11 and KB5034122 for Windows 10.
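A quick way to confirm that the January cumulative update named above is actually present on a host is to ask the servicing stack for the KB id. The following PowerShell is an added example, not code from the original post or from Microsoft; the mapping from OS build prefix to KB (Windows 11 client builds starting with 22, Windows 10 client builds starting with 19) is an assumption made for illustration and does not cover Windows Server builds.

```powershell
# Added example (not from the original post): report whether the January 2024
# cumulative update for this host's Windows client version is installed.
# Assumption: Windows 11 client builds start with "22" and Windows 10 client
# builds with "19"; Windows Server builds are not covered by this mapping.
$kbByBuildPrefix = @{
    '22' = 'KB5034123'   # Windows 11 cumulative update (January 2024)
    '19' = 'KB5034122'   # Windows 10 cumulative update (January 2024)
}

function Test-January2024Update {
    $os    = Get-CimInstance -ClassName Win32_OperatingSystem
    $build = [string]$os.BuildNumber
    $kb    = $kbByBuildPrefix[$build.Substring(0, 2)]

    if (-not $kb) {
        return [pscustomobject]@{
            Build       = $build
            ExpectedKB  = $null
            Installed   = $false
            InstalledOn = $null
            Note        = 'No KB mapping for this build (server or unsupported client)'
        }
    }

    # Get-HotFix reads Win32_QuickFixEngineering, which lists cumulative
    # updates by KB id; a missing KB produces an error we deliberately suppress.
    $hotfix = Get-HotFix -Id $kb -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Build       = $build
        ExpectedKB  = $kb
        Installed   = [bool]$hotfix
        InstalledOn = if ($hotfix) { $hotfix.InstalledOn } else { $null }
        Note        = if ($hotfix) { 'Patched' } else { 'Update not found; check Windows Update history' }
    }
}

Test-January2024Update | Format-List
```

Run it in an elevated or standard session on the host you want to check; `Installed = False` with a non-empty `ExpectedKB` means the January rollup has not been applied, while a `$null` `ExpectedKB` means the build is outside the two client families this example maps.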

Among the fixed vulnerabilities, special attention goes to the Office bug CVE-2024-20677 (CVSS score: 7.8), which allows an attacker to craft malicious Office documents with embedded 3D FBX models to achieve remote code execution. Microsoft has disabled the ability to insert FBX files into Word, Excel, PowerPoint, and Outlook for Windows and Mac. The vulnerability affects Office 2019, Office 2021, Office LTSC for Mac 2021, and Microsoft 365.

A full description of each vulnerability and the affected systems is available in the report linked on this page.