The first Patch Tuesday of 2024 takes small steps

Patch Tuesday

A second month of ( relatively ) few Microsoft releases is a treat because January is n’t typically the lightest month on patch managers ‘ calendars. The business released 48 CVEs on Tuesday, 38 of which were for Windows.

Eight additional product categories or tools are also impacted. Only two of the CVEs mentioned by Microsoft are deemed Critical in severity, and they both impact Windows.

None of the problems are known to be being exploited in the wild at patch time, and none have been made public. However, the company believes that nine of the Windows and SharePoint vulnerabilities that have been fixed—including a Critical-Severity CVE that affects Kerberos—are more likely to be exploited within the next 30 days. Protections for Sophos can detect four of those, and we include information on those in a table below.

In addition to the 48 patches, the release also contained details on four Chrome CVEs ( released last week ) that have an impact on Edge as well as one MITRE-assignedCVE that deals with SQLite, an open-source database engine. ( This month, there are no Adobe offerings. ) Although we do n’t list those problems in the CVE counts and graphics below, we do include details in an appendix at the end of the article. As per usual, three additional appendices are included at the end of this post and list every Microsoft patch, arranged by severity, anticipated exploitability, and product family.

based on the numbers

Microsoft CVEs in total: 48
Updated Microsoft advisories totaling 0
Issues with Total Edge / Chrome covered in the update: 4
0 publicly disclosed
0 Exploited
Severity
- Important: 2
- Significant: 46

Impact

Disclosure of Information: 12
Execution of Remote Code: 11
Privilege Elevation: 10
Service Denial: 6
Bypass for security features: 6
3 Spoofing

In January, information-disclosure issues outnumber both EoP and RCE bugs, so you’re reading the labels correctly. Security feature bypass problems, one of which is Critical- severity, also put on a good performance.

Products

38 Windows
NET: 5 ( including one shared with Azure, SQL Server, and Visual Studio, one share with Microsoft Identity Model/NuGet/Visual Studio ).
Visual Studio: 4 ( one shared with Microsoft Identity Model/NuGet, one with.NET, Azure, and SQL Server, among others )
Azure: 2 ( including a shared one with Visual Studio, SQL Server, and.NET )
Shared with.NET and Visual Studio: Microsoft Identity Model / NuGet: 1.
Tool for troubleshooting Microsoft Printer Metadata: 1.
Office: 1.
SharePoint: 1.
Shared with.NET, Azure, and Visual Studio is SQL Server: 1.

Figure 2: Although Windows is heavily represented in this month’s patches, there are also a few less well-known tools and applications included ( full names are shown in the tables below )

notable updates from January

A few specific things, in addition to the ones already covered, are important to note.

Security Feature Bypass Vulnerability in the CVE-2024–0057 —.NET, NET Framework, and Visual Studio Framework
Bypass Vulnerability for Windows Kerberos Security Feature CVE 2024- 20674

Only the Kerberos problem is deemed Critical-class by Microsoft out of these two security feature bypass issues. The CVSS scoring system begs to differ because it mandates that scorers take realistic worst-case scenarios into account when assessing bugs in software libraries. Thus, their CVSS base scores are 9.1 and 9.0, respectively. Administrators are urged to give these two patches priority in any case.

Execution Vulnerability of Windows Libarchive Remote CodeCVE-2024-20696
Execution Vulnerability of Windows Libarchive Remote CodeCVE-2024-20697

The title of these two identically named Important-class RCEs gives away a lot about their significance because they have an impact on Libarchive, the program that allows users to read and write in various compression and archive formats.

Bypass Vulnerability for BitLocker Security Feature in CVE 2024- 20666

This time, a security feature was bypassed once more. For most versions of Windows 11, this is now a fully automated process, and those relying on WSUS are automatically updated. However, those working in more complex environments are strongly encouraged to check Microsoft’s published guidance for specific instructions. This issue stands out for some fairly nuanced requirements regarding servicing the SafeOS. In any case, the attacker needs to have physical access to the machine being attacked.

Hypervisor- Protected Code Integrity ( HVCI) Security Feature Bypass Vulnerability in CVE 2024-21305

The two CVEs with the lowest CVSS base scores this month have something in common: they both bypass security features. However, this one only scores a 4.4 base score and necessitates that the attacker have physical access to the target machine and previously compromised admin credentials. It has an impact on a variety of Windows client and server versions as well as 15 versions of the Surface for those who are still using that hardware.

Protections for Sophos

CVE	X/Endpoint IPS Sophos Intercept	Firewall Sophos XGS
CVE-2024-20653	Exp/2420653-A	Exp/2420653-A
CVE-2024-20698	Exp/2420698-A	Exp/2420698-A
CVE-2024-21307	Exp/2421307-A	Exp/2421307-A
CVE-2024-21310	Exp/2421310-A	Exp/2421310-A

If you do n’t want to wait for your computer to automatically remove Microsoft’s updates each month, you can manually download them from the Windows Update Catalog website. Take off the winver. Use the exe tool to find out which version of Windows 10 or 11 you are using, then download the Cumulative Update package for the architecture and build number of your particular system.

Vulnerability Impact and Severity, Appendix A

This is a list of January patches that are sub-sorted by severity after impact. CVE further organizes each list after that.

Information Disclosure ( 12 CVEs )

significant severity
CVE-2024-0056	Microsoft. Information. System and SQLClient. Information. Vulnerability of SQLClient SQL Data Provider Information Disclosure
CVE-2024-20660	Client Information Disclosure Vulnerability in Windows Message Queuing
CVE-2024-20662	Information Disclosure Vulnerability in Windows Online Certificate Status Protocol ( OCSP)
CVE-2024-20663	Information Disclosure for Windows Message Queuing Client ( MSMQC )
CVE-2024-20664	Vulnerability of Microsoft Message Queuing Client Information Disclosure
CVE-2024-20680	Information Disclosure for Windows Message Queuing Client ( MSMQC )
CVE-2024-20691	Information Disclosure Vulnerability in WindowsThemes
CVE-2024-20692	Vulnerability of Microsoft Local Security Authority Subsystem Service Information Disclosure
CVE-2024-20694	Information Disclosure and Vulnerability in WindowsCoreMessaging
CVE-2024-21311	Information Disclosure Vulnerability in Windows Cryptographic Services
CVE-2024-21313	Information Disclosure Vulnerability in Windows TCP/IP
CVE-2024-21314	Information Disclosure for Windows Message Queuing Client ( MSMQC )

Execution of remote code ( 11 CVEs )

Critically serious
CVE-2024-20700	Vulnerability of Windows Hyper- V Remote Code Execution
significant severity
CVE-2024-20654	Vulnerability of Microsoft ODBC Driver Remote Code Execution
CVE-2024-20655	Remote Code Execution Vulnerability in Microsoft Online Certificate Status Protocol ( OCSP)
CVE-2024-20676	Vulnerability of Azure Storage Mover Remote Code Execution
CVE-2024-20677	Vulnerability of Microsoft Office Remote Code Execution
CVE-2024-20682	Vulnerability of Windows Cryptographic Services Remote Code Execution
CVE-2024-20696	Execution Vulnerability of Windows Libarchive Remote Code
CVE-2024-20697	Execution Vulnerability of Windows Libarchive Remote Code
CVE-2024-21307	Vulnerability of remote desktop client remote code execution
CVE-2024-21318	Vulnerability of Microsoft SharePoint Server Remote Code Execution
CVE-2024-21325	Vulnerability of Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution

Privilege Elevation ( 10 CVEs )

significant severity
CVE-2024-20653	Elevation of Privilege Vulnerability in the Microsoft Common Log File System
CVE-2024-20656	Elevation of Privilege Vulnerability in Visual Studio
CVE-2024-20657	Elevation of Privilege Vulnerability in Windows Group Policy
CVE-2024-20658	Privilege Vulnerability Improvement on Microsoft Virtual HardDisk
CVE-2024-20681	Elevation of Privilege Vulnerability in the Windows Subsystem for Linux
CVE-2024-20683	Elevation of Privilege Vulnerability in Win32k
CVE-2024-20686	Elevation of Privilege Vulnerability in Win32k
CVE-2024-20698	Elevation of the Windows Kernel’s Privilege Vulnerability
CVE-2024-21309	Driver Elevation of Privilege Vulnerability in Windows Kernel Mode
CVE-2024-21310	Elevation of Privilege Vulnerability in Windows Cloud Files Mini Filter Driver

Service Denial ( 6 CVEs )

significant severity
CVE-2024-20661	Microsoft Message Queuing Service Vulnerability Denial
CVE-2024-20672	Visual Studio and.NET Core Denial of Service Vulnerability
CVE-2024-20687	Denial of Service Vulnerability for the Microsoft AllJoyn API
CVE-2024-20699	Denial of Service Vulnerability in Windows Hyper-V
CVE-2024-21312	Service vulnerability is denied by the.NET Framework
CVE-2024-21319	Vulnerability of Microsoft Identity Denial of Service

Security Feature Bypass ( 6 CVEs )

Critically serious
CVE-2024-20674	Bypass Vulnerability for Windows Kerberos Security Feature
Significant Severity
CVE-2024-0057	Security Feature Bypass Vulnerability for.NET, Visual Studio Framework, and Internet Framework
CVE-2024-20652	Security Feature Bypass Vulnerability for Windows HTML Platforms
CVE-2024-20666	Bypass Vulnerability for BitLocker Security Feature
CVE-2024-21305	Security Feature Bypass Vulnerability for Hypervisor- Protected Code Integrity ( HVCI)
CVE-2024-21316	Security Feature Bypass for Windows Server Key Distribution Service

( 3 CVEs ) Spoofing

significant severity
CVE-2024-20690	Windows Nearby Sharing Vulnerability Spoofing
CVE-2024-21306	Vulnerability Spoofing by Microsoft Bluetooth Driver
CVE-2024-21320	Windows themes that spoof vulnerability

Appendix B: Exploitability

Microsoft has determined that these January CVEs are more likely to be exploited in the wild within the first 30 days of release. Each list is further organized using CVE. There are currently no CVEs addressed in the January patch collection that are actively exploited in nature.

Exploitation is more likely to occur in 30 days.
CVE-2024-20652	Security Feature Bypass Vulnerability for Windows HTML Platforms
CVE-2024-20653	Elevation of Privilege Vulnerability in the Microsoft Common Log File System
CVE-2024-20674	Bypass Vulnerability for Windows Kerberos Security Feature
CVE-2024-20683	Elevation of Privilege Vulnerability in Win32k
CVE-2024-20686	Elevation of Privilege Vulnerability in Win32k
CVE-2024-20698	Elevation of the Windows Kernel’s Privilege Vulnerability
CVE-2024-21307	Vulnerability of remote desktop client remote code execution
CVE-2024-21310	Elevation of Privilege Vulnerability in Windows Cloud Files Mini Filter Driver
CVE-2024-21318	Vulnerability of Microsoft SharePoint Server Remote Code Execution

Appendix C: Products Affected, &nbsp

Here is a list of December’s patches, broken down by severity and product family. CVE further organizes each list. Each product family receives a separate listing of the patches that are shared among them.

( 38 CVEs ) Windows

Critically serious
CVE-2024-20674	Bypass Vulnerability for Windows Kerberos Security Feature
CVE-2024-20700	Vulnerability of Windows Hyper- V Remote Code Execution
significant severity
CVE-2024-20652	Security Feature Bypass Vulnerability for Windows HTML Platforms
CVE-2024-20653	Elevation of Privilege Vulnerability in the Microsoft Common Log File System
CVE-2024-20654	Vulnerability of Microsoft ODBC Driver Remote Code Execution
CVE-2024-20655	Remote Code Execution Vulnerability in Microsoft Online Certificate Status Protocol ( OCSP)
CVE-2024-20657	Elevation of Privilege Vulnerability in Windows Group Policy
CVE-2024-20658	Privilege Vulnerability Improvement on Microsoft Virtual HardDisk
CVE-2024-20660	Client Information Disclosure Vulnerability in Windows Message Queuing
CVE-2024-20661	Microsoft Message Queuing Service Vulnerability Denial
CVE-2024-20662	Information Disclosure Vulnerability in Windows Online Certificate Status Protocol ( OCSP)
CVE-2024-20663	Information Disclosure for Windows Message Queuing Client ( MSMQC )
CVE-2024-20664	Vulnerability of Microsoft Message Queuing Client Information Disclosure
CVE-2024-20666	Bypass Vulnerability for BitLocker Security Feature
CVE-2024-20680	Information Disclosure for Windows Message Queuing Client ( MSMQC )
CVE-2024-20681	Elevation of Privilege Vulnerability in the Windows Subsystem for Linux
CVE-2024-20682	Vulnerability of Windows Cryptographic Services Remote Code Execution
CVE-2024-20683	Elevation of Privilege Vulnerability in Win32k
CVE-2024-20686	Elevation of Privilege Vulnerability in Win32k
CVE-2024-20687	Denial of Service Vulnerability for the Microsoft AllJoyn API
CVE-2024-20690	Windows Nearby Sharing Vulnerability Spoofing
CVE-2024-20691	Information Disclosure Vulnerability in WindowsThemes
CVE-2024-20692	Vulnerability of Microsoft Local Security Authority Subsystem Service Information Disclosure
CVE-2024-20694	Information Disclosure and Vulnerability in WindowsCoreMessaging
CVE-2024-20696	Execution Vulnerability of Windows Libarchive Remote Code
CVE-2024-20697	Execution Vulnerability of Windows Libarchive Remote Code
CVE-2024-20698	Elevation of the Windows Kernel’s Privilege Vulnerability
CVE-2024-20699	Denial of Service Vulnerability in Windows Hyper-V
CVE-2024-21305	Security Feature Bypass Vulnerability for Hypervisor- Protected Code Integrity ( HVCI)
CVE-2024-21306	Vulnerability Spoofing by Microsoft Bluetooth Driver
CVE-2024-21307	Vulnerability of remote desktop client remote code execution
CVE-2024-21309	Driver Elevation of Privilege Vulnerability in Windows Kernel Mode
CVE-2024-21310	Elevation of Privilege Vulnerability in Windows Cloud Files Mini Filter Driver
CVE-2024-21311	Information Disclosure Vulnerability in Windows Cryptographic Services
CVE-2024-21313	Information Disclosure Vulnerability in Windows TCP/IP
CVE-2024-21314	Information Disclosure for Windows Message Queuing Client ( MSMQC )
CVE-2024-21316	Security Feature Bypass for Windows Server Key Distribution Service
CVE-2024-21320	Windows themes that spoof vulnerability

CVEs ( 5.NET )

significant severity
CVE-2024-0056	Microsoft. Information. System and SQLClient. Information. Vulnerability of SQLClient SQL Data Provider Information Disclosure
CVE-2024-0057	Security Feature Bypass Vulnerability for.NET, Visual Studio Framework, and Internet Framework
CVE-2024-20672	Visual Studio and.NET Core Denial of Service Vulnerability
CVE-2024-21312	Service vulnerability is denied by the.NET Framework
CVE-2024-21319	Vulnerability of Microsoft Identity Denial of Service

( 4 CVEs ) Visual Studio

significant severity
CVE-2024-0056	Microsoft. Information. System and SQLClient. Information. Vulnerability of SQLClient SQL Data Provider Information Disclosure
CVE-2024-0057	Security Feature Bypass Vulnerability for.NET, Visual Studio Framework, and Internet Framework
CVE-2024-20656	Elevation of Privilege Vulnerability in Visual Studio
CVE-2024-21319	Vulnerability of Microsoft Identity Denial of Service

( 2 CVEs ) Azure

significant severity
CVE-2024-0056	Microsoft. Information. System and SQLClient. Information. Vulnerability of SQLClient SQL Data Provider Information Disclosure
CVE-2024-20676	Vulnerability of Azure Storage Mover Remote Code Execution

CVE ( Microsoft Identity Model )

significant severity
CVE-2024-21319	Vulnerability of Microsoft Identity Denial of Service

Troubleshooter Tool ( 1 CVE ) for Microsoft Printer Metadata

significant severity
CVE-2024-21325	Vulnerability of Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution

Office ( CVE )

significant severity
CVE-2024-20677	Vulnerability of Microsoft Office Remote Code Execution

SharePoint ( 1 CVE )

significant severity
CVE-2024-21318	Vulnerability of Microsoft SharePoint Server Remote Code Execution

( 1 CVE ) SQL Server

significant severity
CVE-2024-0056	Microsoft. Information. System and SQLClient. Information. Vulnerability of SQLClient SQL Data Provider Information Disclosure

Advisories and Other Products, Appendix D

Sorted by product, this is a list of advisories and details on additional pertinent CVEs from the December Microsoft release.

Relevant to Chromium ( 4 CVEs ) and Edge

CVE-2024-0222	Use chromium: CVE- 2024- 0222 after receiving a free in ANGLE
CVE-2024-0223	Chromium: CVE-2024-0223 Heap buffer overflow in ANGLE
CVE-2024-0224	Use Chromium: CVE -2024- 0224 after receiving a free trial on WebAudio.
CVE-2024-0225	Use Chromium: CVE-2024-0225 in WebGPU after free.