Microsoft fixes critical flaws in Windows Kerberos, Hyper-V

For January 2024 Patch Tuesday, Microsoft has released fixes for 49 CVE-numbered vulnerabilities, two of which are critical: CVE-2024-20674 and CVE-2024-20700.
None of the vulnerabilities fixed this time around are under active exploitation or have been previously publicly disclosed.
CVE-2024-20674 is a security feature bypass vulnerability that may allow attackers to impersonate Windows' Kerberos server.
Though an attacker must first gain access to the restricted network before running an attack, Microsoft thinks that the likelihood of attackers exploiting this flaw is considerable and the complexity of attack is low, and has therefore urged admins to prioritize testing and deploying this patch.
CVE-2024-20700 is a remote code execution flaw in Windows' Hyper-V native hypervisor.
Once again, an attacker first needs to gain access to the restricted network before deploying an exploit for this flaw.
Satnam Narang, senior staff research engineer at Tenable, singled out CVE-2024-21318, a remote code execution vulnerability in Microsoft SharePoint Server.
Narang also pointed out other vulnerabilities deemed more likely to be exploited: several elevation of privilege vulnerabilities in Windows Cloud Files Mini Filter Driver, Common Log File System, Windows Kernel and Win32k.
Finally, Microsoft has fixed CVE-2024-20677, a vulnerability in Microsoft Office that could lead to remote code execution via FBX files.
The company fixed this flaw by disabling the ability to insert FBX files in Word, Excel, PowerPoint and Outlook for Windows and Mac.


This Cyber News was published on www.helpnetsecurity.com. Publication date: Tue, 09 Jan 2024 20:43:15 +0000

