2024’s first Patch Tuesday steps lightly – Sophos News

The latest security updates from Microsoft address several vulnerabilities, with information disclosure issues being the most prevalent. According to Figure 1, information disclosure has a higher count than elevation of privilege and remote code execution bugs in January. Additionally, security feature bypass and spoofing vulnerabilities are also present, although in smaller numbers.

The products affected by these vulnerabilities include Windows, .NET, Visual Studio, Azure, Microsoft Identity Model / NuGet, Microsoft Printer Metadata Troubleshooter Tool, Office, SharePoint, and SQL Server. Windows has the highest representation in this month’s patches, but other tools and applications are also affected, as shown in Figure 2.

There are a few notable updates that deserve attention. Two security feature bypass vulnerabilities, CVE-2024-0057 and CVE-2024-20674, have been identified in .NET, .NET Framework, and Visual Studio Framework, with the latter being classified as Critical. These vulnerabilities have CVSS base scores of 9.1 and 9.0, respectively, indicating their severity. Admins are advised to prioritize these patches.

Two important-class remote code execution vulnerabilities, CVE-2024-20696 and CVE-2024-20697, have been discovered in Windows Libarchive. As the name suggests, Libarchive is responsible for reading and writing various compression and archive formats. Microsoft has published little detail about these vulnerabilities, but the vulnerability titles alone signal their importance. Organizations should pay attention to these patches.

Another security feature bypass vulnerability, CVE-2024-20666, affects BitLocker, a security feature in Windows. This vulnerability has specific requirements for servicing the Safe OS, and organizations are encouraged to refer to Microsoft’s guidance for instructions. It is worth noting that physical access to the targeted machine is required for exploitation.

The CVE with the lowest CVSS base score this month is CVE-2024-21305, a security feature bypass vulnerability in Hypervisor-Protected Code Integrity (HVCI). This vulnerability has a base score of 4.4 and requires physical access to the targeted machine, as well as previously compromised admin credentials. It affects various versions of Windows client and server, as well as 15 versions of the Surface.

Sophos protections are available for several CVEs, including CVE-2024-20653, CVE-2024-20698, CVE-2024-21307, and CVE-2024-21310. Organizations using Sophos Intercept X/Endpoint IPS or Sophos XGS Firewall can utilize these protections to mitigate the risks associated with these vulnerabilities.

For those who prefer to manually download Microsoft’s updates, the Windows Update Catalog website provides the option to download them directly. By running the winver.exe tool, users can determine their system’s architecture and build number, and then download the matching Cumulative Update package.
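The following PowerShell is an added example, not code from the Sophos article or from Microsoft: it collects the same build and architecture details that winver.exe displays and lists the most recently installed update, so an administrator can confirm which Cumulative Update package to fetch from the Update Catalog and spot hosts that have fallen behind. The 45-day staleness threshold is an assumed value, and the check relies on Get-HotFix reflecting the updates installed on the local host.

```powershell
# Added example (not from the Sophos article): report the build and
# architecture that winver.exe shows, plus the newest installed update,
# so the matching Cumulative Update can be selected from the Update Catalog.
function Get-PatchBaseline {
    [CmdletBinding()]
    param(
        # Flag the host if no update was installed within this many days
        # (assumed threshold; adjust to your patch policy).
        [int]$MaxAgeDays = 45
    )

    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $os = Get-CimInstance Win32_OperatingSystem

    # winver shows "Version <DisplayVersion> (OS Build <CurrentBuild>.<UBR>)";
    # older Windows 10 builds expose ReleaseId instead of DisplayVersion.
    $version = if ($cv.DisplayVersion) { $cv.DisplayVersion } else { $cv.ReleaseId }
    $build   = '{0}.{1}' -f $cv.CurrentBuildNumber, $cv.UBR

    # Some Get-HotFix entries have no InstalledOn date; skip those when sorting.
    $latest = Get-HotFix |
        Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1

    $ageDays = if ($latest) {
        (New-TimeSpan -Start $latest.InstalledOn -End (Get-Date)).Days
    } else { $null }

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        Product         = $cv.ProductName
        DisplayVersion  = $version
        OSBuild         = $build
        Architecture    = $os.OSArchitecture
        LatestHotFix    = if ($latest) { $latest.HotFixID } else { $null }
        LatestInstall   = if ($latest) { $latest.InstalledOn } else { $null }
        DaysSinceUpdate = $ageDays
        # No dated update at all, or one older than the threshold, needs a look.
        NeedsAttention  = ($null -eq $ageDays) -or ($ageDays -gt $MaxAgeDays)
    }
}

# Run on the host, then search the Update Catalog for the Cumulative Update
# that matches Product, DisplayVersion and Architecture.
Get-PatchBaseline | Format-List
```

Run across a fleet with Invoke-Command to get one object per host, and filter on NeedsAttention to find machines still awaiting the January Cumulative Update.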

Appendix A provides a complete list of January patches sorted by impact and severity, categorizing them into information disclosure, remote code execution, elevation of privilege, denial of service, security feature bypass, and spoofing vulnerabilities. Each list is further arranged by CVE.

Appendix B highlights the CVEs that are more likely to be exploited within the first 30 days post-release. As of now, no CVEs addressed in the January patch collection are known to be under active exploit in the wild.

Appendix C categorizes the patches by product family and severity. Windows has the highest number of CVEs, with critical and important severity levels. Other affected products include .NET, Visual Studio, Azure, Microsoft Identity Model / NuGet, Microsoft Printer Metadata Troubleshooter Tool, Office, SharePoint, and SQL Server.

In conclusion, the January security updates from Microsoft address various vulnerabilities, with information disclosure being the most prevalent. Admins should prioritize patching the identified security feature bypass and remote code execution vulnerabilities. Organizations can also leverage Sophos protections for additional security.
