Microsoft eased enterprise security teams into 2024 with a relatively light January security update consisting of patches for 48 unique CVEs, just two of which the company identified as being of critical severity.
For the second straight month, Microsoft's Patch Tuesday did not include any zero-day bugs, meaning administrators won't have to contend with any new vulnerabilities that attackers are actively exploiting at the moment - something that happened frequently in 2023.
Just Two Critical Severity Bugs
As is typically the case, the CVEs that Microsoft disclosed Jan. 9 affected a wide range of its products and included privilege escalation vulnerabilities, remote code execution flaws, security bypass bugs, and other vulnerabilities.
The company classified 46 of the flaws as being of Important severity, including several that attackers were more likely than not to exploit.
One of two critical severity bugs in Microsoft's latest update is CVE-2024-20674, a Windows Kerberos security feature bypass vulnerability that allows attackers to bypass authentication mechanisms and launch impersonation attacks.
The vulnerability requires the attacker to have access to the same local network as the target.
Ken Breen, senior director of threat research at Immersive Labs, identified CVE-2024-20674 as a bug that organizations would do well to patch quickly.
The other critical vulnerability in Microsoft's latest batch of security updates is CVE-2024-20700, a remote code execution vulnerability in Windows Hyper-V virtualization technology.
The vulnerability is not especially easy to exploit because an attacker would first need to be inside the network and adjacent to a vulnerable computer, according to a statement from Ben McCarthy, lead cybersecurity engineer at Immersive Labs.
The vulnerability also involves a race condition - a type of issue that's harder for an attacker to exploit than many other vulnerability types.
High-Priority Remote Code Execution Bugs
Security researchers pointed to two other RCE bugs in the January update that merit priority attention: CVE-2024-21307 in Windows Remote Desktop Client and CVE-2024-21318 in SharePoint Server.
Microsoft identified CVE-2024-21307 as a vulnerability that attackers are more likely to exploit but has provided little information on why, according to Breen.
The company has noted that unauthorized attackers need to wait for a user to initiate a connection to be able to exploit the vulnerability.
A Few More Exploitable Privilege Escalation Bugs
Microsoft's January update included patches for several privilege escalation vulnerabilities.
Among the most severe of them is CVE-2023-21310, a privilege escalation bug in Windows Cloud Files Mini Filter Driver.
The flaw is very similar to CVE-2023-36036, a zero-day privilege escalation vulnerability in the same technology, which Microsoft disclosed in its November 2023 security update.
Attackers actively exploited that flaw to try to gain system-level privileges on local machines - something they can do with the newly disclosed vulnerability as well.
Some of the other important privilege escalation bugs included CVE-2024-20653 in the Windows Common Log File System, CVE-2024-20698 in Windows Kernel, CVE-2024-20683 in Win32k, and CVE-2024-20686 in Win32k.
Microsoft has rated all of these flaws as issues attackers are more likely to exploit, according to a statement from Satnam Narang, senior staff research engineer at Tenable.
The flaw enables an attacker to perform a machine-in-the-middle attack, intercepting and potentially altering TLS traffic between a client and server, he notes.
This Cyber News was published on www.darkreading.com. Publication date: Tue, 09 Jan 2024 23:00:34 +0000