The first Patch Tuesday update by Microsoft highlights a comprehensive set of security updates that have been rolled out, addressing a total of 49 vulnerabilities, including 12 remote code execution (RCE) vulnerabilities. Among these, two were identified as critical—a Windows Kerberos Security Feature Bypass and a Hyper-V RCE.
The breakdown of vulnerabilities by category is as follows:
10 Elevation of Privilege Vulnerabilities
7 Security Feature Bypass Vulnerabilities
12 Remote Code Execution Vulnerabilities
11 Information Disclosure Vulnerabilities
6 Denial of Service Vulnerabilities
3 Spoofing Vulnerabilities
It's important to note that the total count of 49 flaws excludes the 4 Microsoft Edge vulnerabilities addressed on January 5th.
Noteworthy Vulnerabilities of the Month
Although no actively exploited or publicly disclosed vulnerabilities were identified this month, some flaws stand out due to their significance.
Among the issues addressed by Microsoft is a Remote Code Execution Vulnerability in Office, identified as CVE-2024-20677. This flaw enables threat actors to create maliciously crafted Office documents containing embedded FBX 3D model files, thereby facilitating remote code execution.
Microsoft's security bulletin highlights the response to this vulnerability: "A security vulnerability exists in FBX that could lead to remote code execution. To mitigate this vulnerability, the ability to insert FBX files has been disabled in Word, Excel, PowerPoint, and Outlook for Windows and Mac. Versions of Office that had this feature enabled will no longer have access to it. This includes Office 2019, Office 2021, Office LTSC for Mac 2021, and Microsoft 365. 3D models in Office documents that were previously inserted from an FBX file will continue to work as expected unless the Link to File option was chosen at insert time."
Additionally, a critical Windows Kerberos bug, tracked asCVE-2024-20674, has been addressed. This vulnerability could allow an attacker o bypass the authentication feature. According to a support bulletin, "An unauthenticated attacker could exploit this vulnerability by establishing a machine-in-the-middle (MITM) attack or other local network spoofing technique, then sending a malicious Kerberos message to the client victim machine to spoof itself as the Kerberos authentication server."
Security Updates for Patch Tuesday, January 2024
For detailed information on each vulnerability, along within sights into the affected systems, please refer to the complete report available here.