Home Cyber Security 2024’s first Patch Tuesday steps flippantly – Sophos Information

2024’s first Patch Tuesday steps flippantly – Sophos Information

0
2024’s first Patch Tuesday steps flippantly – Sophos Information

[ad_1]

Influence

  • Info Disclosure: 12
  • Distant Code Execution: 11
  • Elevation of Privilege: 10
  • Denial of Service: 6
  • Safety Function Bypass: 6
  • Spoofing: 3

 

A bar chart showing the distribution of January 2024 patches by impact, then severity; information conveyed in article text

Determine 1: You’re studying the labels appropriately: Info-disclosure points outnumber each EoP and RCE bugs in January. Safety function bypass points – one among them Important-severity — additionally make a robust exhibiting

Merchandise

  • Home windows: 38
  • .NET: 5 (together with on shared with Visible Studio; one shared with Microsoft Id Mannequin / NuGet and Visible Studio; and one shared with Azure, SQL Server, and Visible Studio)
  • Visible Studio: 4 (together with one shared with .NET; one shared with .NET and Microsoft Id Mannequin / NuGet; and one shared with .NET, Azure, and SQL Server)
  • Azure: 2 (together with one shared with .NET, SQL Server, and Visible Studio)
  • Microsoft Id Mannequin / NuGet: 1 (shared with .NET and Visible Studio)
  • Microsoft Printer Metadata Troubleshooter Instrument: 1
  • Workplace: 1
  • SharePoint: 1
  • SQL Server: 1 (shared with .NET, Azure, and Visible Studio)

A bar chart showing distribution of January 2024 patches by product family; information conveyed in text

Determine 2: Home windows is closely represented on this month’s patches, however a number of less-familiar instruments and functions are additionally within the combine (full names proven in tables beneath)

Notable January updates

Along with the problems mentioned above, a couple of particular objects are value noting.

CVE-2024-0057 — .NET, .NET Framework, and Visible Studio Framework Safety Function Bypass Vulnerability
CVE-2024-20674 — Home windows Kerberos Safety Function Bypass Vulnerability

Of this pair of safety function bypass points, Microsoft deems solely the Kerberos difficulty to be Important-class. The CVSS scoring system begs to vary, because the information to that scoring system requires that scorers think about possible worst-case eventualities when evaluating bugs in software program libraries. Their CVSS base scores are thus 9.1 and 9.0 respectively. In any case, admins are inspired to prioritize these two patches.

CVE-2024-20696 – Home windows Libarchive Distant Code Execution Vulnerability
CVE-2024-20697 – Home windows Libarchive Distant Code Execution Vulnerability

The knowledge out there on these two identically named Necessary-class RCEs is scant, however there’s a giant clue to their significance within the title: These two points have an effect on Libarchive, the engine for studying and writing in varied compression and archive codecs.

CVE-2024-20666 – BitLocker Safety Function Bypass Vulnerability

One other safety function bypass, this time in a safety function. This difficulty stands out for some pretty nuanced necessities round servicing the Protected OS; for many variations of Home windows 11 that is now a totally automated course of, and people counting on WSUS are mechanically up to date, however these working in additional complicated environments are strongly inspired to examine Microsoft’s printed steering for particular directions. In any case, the attacker requires bodily entry to the focused machine.

CVE-2024-21305 — Hypervisor-Protected Code Integrity (HVCI) Safety Function Bypass Vulnerability

The CVE with the bottom CVSS base rating this month has one thing in frequent with the 2 highest-scoring CVEs: It’s yet one more safety function bypass. This one, nonetheless, charges a mere 4.4 base rating and requires the attacker to have bodily entry to the focused machine and to have beforehand compromised admin credentials. It impacts an assortment of Home windows consumer and server variations and, for these nonetheless operating that {hardware}, 15 variations of the Floor.

Sophos protections

CVE Sophos Intercept X/Endpoint IPS Sophos XGS Firewall
CVE-2024-20653 Exp/2420653-A Exp/2420653-A
CVE-2024-20698 Exp/2420698-A Exp/2420698-A
CVE-2024-21307 Exp/2421307-A Exp/2421307-A
CVE-2024-21310 Exp/2421310-A Exp/2421310-A

 

As you possibly can each month, in case you don’t need to wait in your system to tug down Microsoft’s updates itself, you possibly can obtain them manually from the Home windows Replace Catalog web site. Run the winver.exe device to find out which construct of Home windows 10 or 11 you’re operating, then obtain the Cumulative Replace bundle in your particular system’s structure and construct quantity.

Appendix A: Vulnerability Influence and Severity

This can be a listing of January patches sorted by affect, then sub-sorted by severity. Every listing is additional organized by CVE.

Info Disclosure (12 CVEs)

Necessary severity
CVE-2024-0056 Microsoft.Knowledge.SqlClient and System.Knowledge.SqlClient SQL Knowledge Supplier Info Disclosure Vulnerability
CVE-2024-20660 Home windows Message Queuing Shopper Info Disclosure Vulnerability
CVE-2024-20662 Home windows On-line Certificates Standing Protocol (OCSP) Info Disclosure Vulnerability
CVE-2024-20663 Home windows Message Queuing Shopper (MSMQC) Info Disclosure
CVE-2024-20664 Microsoft Message Queuing Shopper Info Disclosure Vulnerability
CVE-2024-20680 Home windows Message Queuing Shopper (MSMQC) Info Disclosure
CVE-2024-20691 Home windows Themes Info Disclosure Vulnerability
CVE-2024-20692 Microsoft Native Safety Authority Subsystem Service Info Disclosure Vulnerability
CVE-2024-20694 Home windows CoreMessaging Info Disclosure  Vulnerability
CVE-2024-21311 Home windows Cryptographic Providers Info Disclosure Vulnerability
CVE-2024-21313 Home windows TCP/IP Info Disclosure Vulnerability
CVE-2024-21314 Home windows Message Queuing Shopper (MSMQC) Info Disclosure

 

Distant Code Execution (11 CVEs)

Important severity
CVE-2024-20700 Home windows Hyper-V Distant Code Execution Vulnerability
Necessary severity
CVE-2024-20654 Microsoft ODBC Driver Distant Code Execution Vulnerability
CVE-2024-20655 Microsoft On-line Certificates Standing Protocol (OCSP) Distant Code Execution Vulnerability
CVE-2024-20676 Azure Storage Mover Distant Code Execution Vulnerability
CVE-2024-20677 Microsoft Workplace Distant Code Execution Vulnerability
CVE-2024-20682 Home windows Cryptographic Providers Distant Code Execution Vulnerability
CVE-2024-20696 Home windows Libarchive Distant Code Execution Vulnerability
CVE-2024-20697 Home windows Libarchive Distant Code Execution Vulnerability
CVE-2024-21307 Distant Desktop Shopper Distant Code Execution Vulnerability
CVE-2024-21318 Microsoft SharePoint Server Distant Code Execution Vulnerability
CVE-2024-21325 Microsoft Printer Metadata Troubleshooter Instrument Distant Code Execution Vulnerability

 

Elevation of Privilege (10 CVEs)

Necessary severity
CVE-2024-20653 Microsoft Frequent Log File System Elevation of Privilege Vulnerability
CVE-2024-20656 Visible Studio Elevation of Privilege Vulnerability
CVE-2024-20657 Home windows Group Coverage Elevation of Privilege Vulnerability
CVE-2024-20658 Microsoft Digital Arduous Disk Elevation of Privilege Vulnerability
CVE-2024-20681 Home windows Subsystem for Linux Elevation of Privilege Vulnerability
CVE-2024-20683 Win32k Elevation of Privilege Vulnerability
CVE-2024-20686 Win32k Elevation of Privilege Vulnerability
CVE-2024-20698 Home windows Kernel Elevation of Privilege Vulnerability
CVE-2024-21309 Home windows Kernel-Mode Driver Elevation of Privilege Vulnerability
CVE-2024-21310 Home windows Cloud Recordsdata Mini Filter Driver Elevation of Privilege Vulnerability

 

Denial of Service (6 CVEs)

Necessary severity
CVE-2024-20661 Microsoft Message Queuing Denial of Service Vulnerability
CVE-2024-20672 .NET Core and Visible Studio Denial of Service Vulnerability
CVE-2024-20687 Microsoft AllJoyn API Denial of Service Vulnerability
CVE-2024-20699 Home windows Hyper-V Denial of Service Vulnerability
CVE-2024-21312 .NET Framework Denial of Service Vulnerability
CVE-2024-21319 Microsoft Id Denial of Service Vulnerability

 

Safety Function Bypass (6 CVEs)

Important severity
CVE-2024-20674 Home windows Kerberos Safety Function Bypass Vulnerability
Necessary Severity
CVE-2024-0057 .NET, .NET Framework, and Visible Studio Framework Safety Function Bypass Vulnerability
CVE-2024-20652 Home windows HTML Platforms Safety Function Bypass Vulnerability
CVE-2024-20666 BitLocker Safety Function Bypass Vulnerability
CVE-2024-21305 Hypervisor-Protected Code Integrity (HVCI) Safety Function Bypass Vulnerability
CVE-2024-21316 Home windows Server Key Distribution Service Safety Function Bypass

 

Spoofing (3 CVEs)

Necessary severity
CVE-2024-20690 Home windows Close by Sharing Spoofing Vulnerability
CVE-2024-21306 Microsoft Bluetooth Driver Spoofing Vulnerability
CVE-2024-21320 Home windows Themes Spoofing Vulnerability

 

Appendix B: Exploitability

This can be a listing of the January CVEs judged by Microsoft to be extra more likely to be exploited within the wild inside the first 30 days post-release. Every listing is additional organized by CVE. No CVEs addressed within the January patch assortment are recognized to be underneath lively exploit within the wild but.

Exploitation extra possible inside 30 days
CVE-2024-20652 Home windows HTML Platforms Safety Function Bypass Vulnerability
CVE-2024-20653 Microsoft Frequent Log File System Elevation of Privilege Vulnerability
CVE-2024-20674 Home windows Kerberos Safety Function Bypass Vulnerability
CVE-2024-20683 Win32k Elevation of Privilege Vulnerability
CVE-2024-20686 Win32k Elevation of Privilege Vulnerability
CVE-2024-20698 Home windows Kernel Elevation of Privilege Vulnerability
CVE-2024-21307 Distant Desktop Shopper Distant Code Execution Vulnerability
CVE-2024-21310 Home windows Cloud Recordsdata Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2024-21318 Microsoft SharePoint Server Distant Code Execution Vulnerability

 

 Appendix C: Merchandise Affected

This can be a listing of December’s patches sorted by product household, then sub-sorted by severity. Every listing is additional organized by CVE. Patches which are shared amongst a number of product households are listed a number of occasions, as soon as for every product household.

Home windows (38 CVEs)

Important severity
CVE-2024-20674 Home windows Kerberos Safety Function Bypass Vulnerability
CVE-2024-20700 Home windows Hyper-V Distant Code Execution Vulnerability
Necessary severity
CVE-2024-20652 Home windows HTML Platforms Safety Function Bypass Vulnerability
CVE-2024-20653 Microsoft Frequent Log File System Elevation of Privilege Vulnerability
CVE-2024-20654 Microsoft ODBC Driver Distant Code Execution Vulnerability
CVE-2024-20655 Microsoft On-line Certificates Standing Protocol (OCSP) Distant Code Execution Vulnerability
CVE-2024-20657 Home windows Group Coverage Elevation of Privilege Vulnerability
CVE-2024-20658 Microsoft Digital Arduous Disk Elevation of Privilege Vulnerability
CVE-2024-20660 Home windows Message Queuing Shopper Info Disclosure Vulnerability
CVE-2024-20661 Microsoft Message Queuing Denial of Service Vulnerability
CVE-2024-20662 Home windows On-line Certificates Standing Protocol (OCSP) Info Disclosure Vulnerability
CVE-2024-20663 Home windows Message Queuing Shopper (MSMQC) Info Disclosure
CVE-2024-20664 Microsoft Message Queuing Shopper Info Disclosure Vulnerability
CVE-2024-20666 BitLocker Safety Function Bypass Vulnerability
CVE-2024-20680 Home windows Message Queuing Shopper (MSMQC) Info Disclosure
CVE-2024-20681 Home windows Subsystem for Linux Elevation of Privilege Vulnerability
CVE-2024-20682 Home windows Cryptographic Providers Distant Code Execution Vulnerability
CVE-2024-20683 Win32k Elevation of Privilege Vulnerability
CVE-2024-20686 Win32k Elevation of Privilege Vulnerability
CVE-2024-20687 Microsoft AllJoyn API Denial of Service Vulnerability
CVE-2024-20690 Home windows Close by Sharing Spoofing Vulnerability
CVE-2024-20691 Home windows Themes Info Disclosure Vulnerability
CVE-2024-20692 Microsoft Native Safety Authority Subsystem Service Info Disclosure Vulnerability
CVE-2024-20694 Home windows CoreMessaging Info Disclosure  Vulnerability
CVE-2024-20696 Home windows Libarchive Distant Code Execution Vulnerability
CVE-2024-20697 Home windows Libarchive Distant Code Execution Vulnerability
CVE-2024-20698 Home windows Kernel Elevation of Privilege Vulnerability
CVE-2024-20699 Home windows Hyper-V Denial of Service Vulnerability
CVE-2024-21305 Hypervisor-Protected Code Integrity (HVCI) Safety Function Bypass Vulnerability
CVE-2024-21306 Microsoft Bluetooth Driver Spoofing Vulnerability
CVE-2024-21307 Distant Desktop Shopper Distant Code Execution Vulnerability
CVE-2024-21309 Home windows Kernel-Mode Driver Elevation of Privilege Vulnerability
CVE-2024-21310 Home windows Cloud Recordsdata Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2024-21311 Home windows Cryptographic Providers Info Disclosure Vulnerability
CVE-2024-21313 Home windows TCP/IP Info Disclosure Vulnerability
CVE-2024-21314 Home windows Message Queuing Shopper (MSMQC) Info Disclosure
CVE-2024-21316 Home windows Server Key Distribution Service Safety Function Bypass
CVE-2024-21320 Home windows Themes Spoofing Vulnerability

 

.NET (5 CVEs)

Necessary severity
CVE-2024-0056 Microsoft.Knowledge.SqlClient and System.Knowledge.SqlClient SQL Knowledge Supplier Info Disclosure Vulnerability
CVE-2024-0057 .NET, .NET Framework, and Visible Studio Framework Safety Function Bypass Vulnerability
CVE-2024-20672 .NET Core and Visible Studio Denial of Service Vulnerability
CVE-2024-21312 .NET Framework Denial of Service Vulnerability
CVE-2024-21319 Microsoft Id Denial of Service Vulnerability

 

Visible Studio (4 CVEs)

Necessary severity
CVE-2024-0056 Microsoft.Knowledge.SqlClient and System.Knowledge.SqlClient SQL Knowledge Supplier Info Disclosure Vulnerability
CVE-2024-0057 .NET, .NET Framework, and Visible Studio Framework Safety Function Bypass Vulnerability
CVE-2024-20656 Visible Studio Elevation of Privilege Vulnerability
CVE-2024-21319 Microsoft Id Denial of Service Vulnerability

 

Azure (2 CVEs)

Necessary severity
CVE-2024-0056 Microsoft.Knowledge.SqlClient and System.Knowledge.SqlClient SQL Knowledge Supplier Info Disclosure Vulnerability
CVE-2024-20676 Azure Storage Mover Distant Code Execution Vulnerability

 

Microsoft Id Mannequin (1 CVE)

Necessary severity
CVE-2024-21319 Microsoft Id Denial of Service Vulnerability

 

Microsoft Printer Metadata Troubleshooter Instrument (1 CVE)

Necessary severity
CVE-2024-21325 Microsoft Printer Metadata Troubleshooter Instrument Distant Code Execution Vulnerability

 

Workplace (1 CVE)

Necessary severity
CVE-2024-20677 Microsoft Workplace Distant Code Execution Vulnerability

 

SharePoint (1 CVE)

Necessary severity
CVE-2024-21318 Microsoft SharePoint Server Distant Code Execution Vulnerability

 

SQL Server (1 CVE)

Necessary severity
CVE-2024-0056

 

Microsoft.Knowledge.SqlClient and System.Knowledge.SqlClient SQL Knowledge Supplier Info Disclosure Vulnerability

 

Appendix D: Advisories and Different Merchandise

This can be a listing of advisories and knowledge on different related CVEs within the December Microsoft launch, sorted by product.

Related to Edge / Chromium (4 CVEs)

CVE-2024-0222 Chromium: CVE-2024-0222 Use after free in ANGLE
CVE-2024-0223 Chromium: CVE-2024-0223 Heap buffer overflow in ANGLE
CVE-2024-0224 Chromium: CVE-2024-0224 Use after free in WebAudio
CVE-2024-0225 Chromium: CVE-2024-0225 Use after free in WebGPU

 

Related to Home windows (third-party product) (one CVE)

CVE-2022-35737 MITRE: CVE-2022-35737 SQLite permits an array-bounds overflow

 

[ad_2]