January 2024 Patch Tuesday: 7 Critical Vulnerabilities Amid 57 CVEs
Published on Jan 9, 2024 • Last updated on Nov 15, 2024
January 2024 Risk Analysis
No attribution of malware families available at the moment.
No attribution of threat actors available at the moment.
Critical Vulnerabilities
CVE-2024-20674
Windows Kerberos Security Feature Bypass Vulnerability
A critical Windows Kerberos authentication bypass vulnerability allows attackers to impersonate legitimate users by compromising the protocol when victims connect to a malicious server, such as a rogue SMB server. The flaw enables attackers to gain unauthorized system access with high impact on confidentiality, integrity, and availability, potentially leading to complete system compromise despite requiring user interaction. Given the widespread use of Kerberos authentication in enterprise environments and the severity of potential unauthorized access, this vulnerability represents a significant security risk to Windows infrastructure.
CVE-2024-20652
Windows HTML Platforms Security Feature Bypass Vulnerability
A security feature bypass vulnerability in Windows HTML Platform enables attackers to circumvent the MapURLToZone method by exploiting Lanman redirector or WebDav device paths to force an 'Intranet' Zone value. Despite requiring sophisticated target environment preparation for successful exploitation, this high-impact vulnerability could lead to complete system compromise with elevated privileges, potentially enabling arbitrary code execution and data theft across affected Windows systems.
CVE-2024-21326
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
A high-severity elevation of privilege vulnerability in Microsoft Edge allows attackers to bypass browser sandbox protections through specially crafted web content, requiring user interaction via clicking a malicious link. While this vulnerability alone doesn't enable arbitrary code execution, when chained with other vulnerabilities it could lead to a full browser compromise, potentially resulting in complete loss of confidentiality, integrity, and availability of browser resources. The vulnerability's criticality is amplified by its low attack complexity and potential for sandbox escape, making it an attractive target for threat actors seeking to establish browser-based attack chains.
CVE-2024-21318
Microsoft SharePoint Server Remote Code Execution Vulnerability
A remote code execution vulnerability in Microsoft SharePoint Server allows an authenticated attacker with Site Owner permissions to inject and execute arbitrary code through a network-based attack vector, leveraging a deserialization of untrusted data weakness. The vulnerability requires low attack complexity and no user interaction, enabling an attacker to achieve high-severity impacts across confidentiality, integrity, and availability of the SharePoint Server. Given the widespread use of SharePoint in enterprise environments and the significant control an attacker could gain over affected systems, this vulnerability presents a serious risk to organizational security.
CVE-2024-0057
A security feature bypass vulnerability exists when Microsoft .NET Framework-based applications use X.509 chain building APIs but do not completely validate the X.509 certificate due to a logic flaw. An attacker could present an arbitrary untrusted certificate with malformed signatures, triggering a bug in the framework. The framework will correctly report that X.509 chain building failed, but it will return an incorrect reason code for the failure. Applications which utilize this reason code to make their own chain building trust decisions may inadvertently treat this scenario as a successful chain build. This could allow an adversary to subvert the app's typical authentication logic.
A critical security feature bypass vulnerability in Microsoft .NET Framework's X.509 chain building APIs incorrectly handles certificate validation due to a logic flaw, where malformed signatures can trigger an incorrect failure reason code that applications may misinterpret as successful validation. This vulnerability allows attackers to bypass authentication mechanisms by presenting specially crafted untrusted certificates, potentially leading to unauthorized access and system compromise across network-accessible applications. The high-severity rating reflects the worst-case implementation scenario for software libraries, as successful exploitation requires no user interaction and can result in complete compromise of affected systems' confidentiality, integrity, and availability.
CVE-2024-0056
A vulnerability was found in the .NET Framework. This vulnerability exists in the Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data provider where an attackercan perform an AiTM (adversary-in-the-middle) attack between the SQL client and the SQL server. This may allow the attacker to steal authentication credentials intended for the database server, even if the connection is established over an encrypted channel like TLS.
A critical vulnerability in Microsoft's SQL Data providers (Microsoft.Data.SqlClient and System.Data.SqlClient) enables adversary-in-the-middle attacks between SQL clients and servers, allowing attackers to intercept and modify TLS-encrypted traffic. The flaw permits attackers to decrypt sensitive communications and potentially steal authentication credentials intended for database servers, even when transmitted over encrypted channels. This vulnerability is particularly concerning as it can lead to scope change, allowing attackers to pivot from compromising the SQL Data Provider to potentially exploiting the SQL Server itself, making it a significant threat to database security and data confidentiality.
CVE-2024-21385
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
A use-after-free vulnerability in Microsoft Edge could enable an attacker to escape the browser sandbox and achieve elevation of privilege through a specially crafted website, though successful exploitation requires high attack complexity and user interaction. The vulnerability poses significant risk as it can lead to complete compromise of confidentiality, integrity, and availability of the affected system if an attacker successfully convinces a user to visit a malicious site and prepares the target environment appropriately. This browser sandbox escape is particularly concerning due to its potential to break out of browser security boundaries, allowing an attacker to gain broader system access despite requiring specific preconditions for successful exploitation.
All vulnerabilities
CVE ID | CVSS Score | Product | Trend | Exploit |
|---|---|---|---|---|
CVE-2024-21388Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | CVSS 6.5 | edge_chromium | Mar 28, 2024 | |
CVE-2024-21387Microsoft Edge for Android Spoofing Vulnerability | CVSS 5.3 | edge_chromium | - | |
CVE-2024-21385Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | CVSS 8.3 | edge_chromium | - | |
CVE-2024-21383Microsoft Edge (Chromium-based) Spoofing Vulnerability | CVSS 3.3 | edge_chromium | - | |
CVE-2024-21382Microsoft Edge for Android Information Disclosure Vulnerability | CVSS 4.3 | edge_chromium | - | |
CVE-2024-21337Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | CVSS 5.2 | edge_chromium | - | |
CVE-2024-21336Microsoft Edge (Chromium-based) Spoofing Vulnerability | CVSS 2.5 | edge_chromium | - | |
CVE-2024-21326Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | CVSS 9.6 | edge_chromium | - | |
CVE-2024-21325Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution Vulnerability | CVSS 7.8 | printer_metadata_troubleshooter_tool | - | |
CVE-2024-21320Windows Themes Spoofing Vulnerability | CVSS 6.5 | windows_10_1507 | Apr 2, 2024 | |
CVE-2024-21319What kind of vulnerability is it? Who is impacted?
An attacker could exploit this vulnerability by crafting a malicious JSON Web Encryption (JWE) token with a high compression ratio. This token, when processed by a server, leads to excessive memory allocation and processing time during decompression, causing a denial-of-service (DoS) condition. It's important to note that the attacker must have access to the public encrypt key registered with the IDP(Entra ID) for successful exploitation. According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?
A scope change (S:C) in the CVSS metric indicates that successful exploitation of this vulnerability could extend beyond the immediate processing of malicious tokens, affecting the overall availability of the system by causing a denial-of-service (DoS) condition. | CVSS 6.8 | .net | - | |
CVE-2024-21318Microsoft SharePoint Server Remote Code Execution Vulnerability | CVSS 8.8 | sharepoint_server | - | |
CVE-2024-21316Windows Server Key Distribution Service Security Feature Bypass | CVSS 6.1 | windows_10_1607 | - | |
CVE-2024-21314Microsoft Message Queuing Information Disclosure Vulnerability | CVSS 6.5 | windows_10_1507 | - | |
CVE-2024-21313Windows TCP/IP Information Disclosure Vulnerability | CVSS 5.3 | windows_10_1507 | - | |
CVE-2024-21312A vulnerability was found in .NET due to insufficient validation of user-supplied input in the .NET Framework. This flaw allows a remote attacker to pass specially crafted input to the application and perform a denial of service (DoS) attack. | CVSS 7.5 | .net_framework | - | |
CVE-2024-21311Windows Cryptographic Services Information Disclosure Vulnerability | CVSS 5.5 | windows_10_1507 | - | |
CVE-2024-21310This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Only systems with long Win32 path support enabled are affected.<br/>The specific flaw exists within the cldflt.sys driver. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel.<br/> Microsoft has issued an update to correct this vulnerability. More details can be found at: <br/><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21310">https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21310</a> <br/></td> | CVSS 7.8 | windows_10_1809 | - | |
CVE-2024-21309Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | CVSS 7.8 | windows_11_21h2 | - | |
CVE-2024-21307Remote Desktop Client Remote Code Execution Vulnerability | CVSS 7.5 | windows_10_1507 | - | |
CVE-2024-21306Microsoft Bluetooth Driver Spoofing Vulnerability | CVSS 5.7 | windows_10_21h2 | Jan 23, 2024 | |
CVE-2024-21305Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability | CVSS 4.4 | windows_10_1809 | - | |
CVE-2024-20700Windows Hyper-V Remote Code Execution Vulnerability | CVSS 7.5 | windows_10_1809 | - | |
CVE-2024-20699Windows Hyper-V Denial of Service Vulnerability | CVSS 5.5 | windows_10_1809 | - | |
CVE-2024-20698Windows Kernel Elevation of Privilege Vulnerability | CVSS 7.8 | windows_10_1809 | - | |
CVE-2024-20697Windows Libarchive Remote Code Execution Vulnerability | CVSS 7.3 | windows_11_22h2 | - | |
CVE-2024-20696Windows Libarchive Remote Code Execution Vulnerability | CVSS 7.3 | windows_10_1809 | - | |
CVE-2024-20694Windows CoreMessaging Information Disclosure Vulnerability | CVSS 5.5 | windows_10_1607 | - | |
CVE-2024-20692Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | CVSS 5.7 | windows_10_1507 | - | |
CVE-2024-20691Windows Themes Information Disclosure Vulnerability | CVSS 4.7 | windows_10_1507 | - | |
CVE-2024-20690Windows Nearby Sharing Spoofing Vulnerability | CVSS 6.5 | windows_10_1809 | - | |
CVE-2024-20687Microsoft AllJoyn API Denial of Service Vulnerability | CVSS 7.5 | windows_10_1507 | - | |
CVE-2024-20686Win32k Elevation of Privilege Vulnerability | CVSS 7.8 | windows_server_2022_23h2 | - | |
CVE-2024-20683Win32k Elevation of Privilege Vulnerability | CVSS 7.8 | windows_10_1507 | - | |
CVE-2024-20682Windows Cryptographic Services Remote Code Execution Vulnerability | CVSS 7.8 | windows_10_1507 | - | |
CVE-2024-20681Windows Subsystem for Linux Elevation of Privilege Vulnerability | CVSS 7.8 | windows_10_21h2 | - | |
CVE-2024-20680Windows Message Queuing Client (MSMQC) Information Disclosure | CVSS 6.5 | windows_10_1507 | - | |
CVE-2024-20677<p>A security vulnerability exists in FBX that could lead to remote code execution. To mitigate this vulnerability, the ability to insert FBX files has been disabled in Word, Excel, PowerPoint and Outlook for Windows and Mac. Versions of Office that had this feature enabled will no longer have access to it. This includes Office 2019, Office 2021, Office LTSC for Mac 2021, and Microsoft 365.</p>
<p>3D models in Office documents that were previously inserted from a FBX file will continue to work as expected unless the Link to File option was chosen at insert time.</p>
<p>This change is effective as of the January 9, 2024 security update.</p>
| CVSS 7.8 | 365_apps | Jan 31, 2024 | |
CVE-2024-20676Azure Storage Mover Remote Code Execution Vulnerability | CVSS 8 | azure_storage_mover | - | |
CVE-2024-20675Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | CVSS 6.3 | edge_chromium | - | |
CVE-2024-20674Windows Kerberos Security Feature Bypass Vulnerability | CVSS 8.8 | windows_10_1507 | - | |
CVE-2024-20672A vulnerability was found in .NET due to insufficient validation of user-supplied input. This flaw allows a remote attacker to pass specially crafted input to the application and perform a denial of service (DoS) attack. | CVSS 7.5 | .net | - | |
CVE-2024-20666BitLocker Security Feature Bypass Vulnerability | CVSS 6.6 | windows_10_1507 | Feb 6, 2024 | |
CVE-2024-20664Microsoft Message Queuing Information Disclosure Vulnerability | CVSS 6.5 | windows_10_1507 | - | |
CVE-2024-20663Windows Message Queuing Client (MSMQC) Information Disclosure | CVSS 6.5 | windows_10_1507 | - | |
CVE-2024-20662Windows Online Certificate Status Protocol (OCSP) Information Disclosure Vulnerability | CVSS 4.9 | windows_server_2008 | - | |
CVE-2024-20661Microsoft Message Queuing Denial of Service Vulnerability | CVSS 7.5 | windows_10_1507 | - | |
CVE-2024-20660Microsoft Message Queuing Information Disclosure Vulnerability | CVSS 6.5 | windows_10_1507 | - | |
CVE-2024-20658Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability | CVSS 7.8 | windows_10_1507 | - | |
CVE-2024-20657Windows Group Policy Elevation of Privilege Vulnerability | CVSS 7 | windows_10_1507 | - | |
CVE-2024-20656Visual Studio Elevation of Privilege Vulnerability | CVSS 7.8 | visual_studio | Jan 14, 2024 | |
CVE-2024-20655Microsoft Online Certificate Status Protocol (OCSP) Remote Code Execution Vulnerability | CVSS 6.6 | windows_server_2008 | - | |
CVE-2024-20654Microsoft ODBC Driver Remote Code Execution Vulnerability | CVSS 8 | windows_10_1507 | - | |
CVE-2024-20653Microsoft Common Log File System Elevation of Privilege Vulnerability | CVSS 7.8 | windows_10_1507 | - | |
CVE-2024-20652Windows HTML Platforms Security Feature Bypass Vulnerability | CVSS 8.1 | windows_10_1507 | - | |
CVE-2024-0057A security feature bypass vulnerability exists when Microsoft .NET Framework-based applications use X.509 chain building APIs but do not completely validate the X.509 certificate due to a logic flaw. An attacker could present an arbitrary untrusted certificate with malformed signatures, triggering a bug in the framework. The framework will correctly report that X.509 chain building failed, but it will return an incorrect reason code for the failure. Applications which utilize this reason code to make their own chain building trust decisions may inadvertently treat this scenario as a successful chain build. This could allow an adversary to subvert the app's typical authentication logic. | CVSS 9.8 | .net | - | |
CVE-2024-0056A vulnerability was found in the .NET Framework. This vulnerability exists in the Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data provider where an attackercan perform an AiTM (adversary-in-the-middle) attack between the SQL client and the SQL server. This may allow the attacker to steal authentication credentials intended for the database server, even if the connection is established over an encrypted channel like TLS. | CVSS 8.7 | .net | - |
