Microsoft released its first Patch Tuesday update of 2024, fixing nearly 49 vulnerabilities in Microsoft products and 5 vulnerabilities in non-Microsoft products.
Among these 49 vulnerabilities, there were 12 remote code execution vulnerabilities.
Microsoft categorized only two of the vulnerabilities as critical: CVE-2024-20674 and CVE-2024-20700.
These two vulnerabilities were found to be related to security feature bypass.
According to the reports shared with Cyber Security News, several vulnerabilities existed in different Microsoft products, including Microsoft Server.
Of the two critical vulnerabilities stated by Microsoft, CVE-2024-20674 was associated with the Windows Kerberos Security Feature Bypass, and CVE-2024-20700 was related to remote code execution in Windows Hyper-V. In addition, there was another critical severity vulnerability with CVE-2024-0057 and another security feature bypass vulnerability affecting the.
Microsoft also stated that nine of these 49 vulnerabilities are more likely to be exploited by threat actors.
The severity of these vulnerabilities ranges between 7.5 and 9.
According to the Microsoft release notes for January 2024, there were no publicly exploited vulnerabilities in the patched list, which also covers five non-Microsoft vulnerabilities belonging to SQLite and Google Chrome.
Microsoft has published a complete list of patched vulnerabilities, which provides detailed information about the exploitation methods, vulnerability descriptions, and other information.
All users should update their products to the latest version to prevent these vulnerabilities from being exploited by threat actors.
This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 12 Jan 2024 04:00:15 +0000