January 10, 2024 at 01:06AM
In January 2024, Microsoft addressed 48 security flaws in its software, with 2 rated Critical and 46 Important. No evidence indicates active attacks, marking the second consecutive Patch Tuesday with no zero-days. This includes fixes for vulnerabilities in the Chromium-based Edge browser. Other vendors have also released security updates to address various vulnerabilities.
Based on the meeting notes, the following key points can be summarized:
– Microsoft has addressed a total of 48 security flaws as part of its Patch Tuesday updates for January 2024.
– There are two Critical and 46 Important rated bugs in severity, with no evidence of publicly known or active attacks at the time of release.
– The most critical flaws patched this month include the Windows Kerberos Security Feature Bypass Vulnerability (CVE-2024-20674) and the Windows Hyper-V Remote Code Execution Vulnerability (CVE-2024-20700).
– Other notable flaws addressed in the updates include a privilege escalation flaw impacting the Common Log File System (CLFS) driver and a security bypass affecting System.Data.SqlClient and Microsoft.Data.SqlClient.
– Microsoft has disabled the ability to insert FBX files in Word, Excel, PowerPoint, and Outlook in Windows by default due to a security flaw (CVE-2024-20677) that could lead to remote code execution.
– Security updates have also been released by other vendors over the past few weeks to rectify several vulnerabilities.