Microsoft’s January 2024 Patch Tuesday Addresses 48 CVEs

On January 9, Microsoft released its January 2024 Patch Tuesday release which patched 48 CVEs with 2 rated as critical and 46 rated as important.

While no zero-day vulnerabilities were patched this month, Microsoft did address a critical vulnerability affecting Windows Kerberos. CVE-2024-20674 is a critical security feature bypass vulnerability affecting Windows Kerberos, an authentication protocol designed to verify user or host identities. It was assigned a CVSSv3 score of 9.0 and is rated as “Exploitation More Likely” according to the Microsoft Exploitability Index.

This month’s update includes patches for:

• .NET and Visual Studio
• .NET Core & Visual Studio
• .NET Framework
• Azure Storage Mover
• Microsoft Bluetooth Driver
• Microsoft Devices
• Microsoft Identity Services
• Microsoft Office
• Microsoft Office SharePoint
• Microsoft Virtual Hard Drive
• Remote Desktop Client
• SQL Server
• Unified Extensible Firmware Interface
• Visual Studio
• Windows AllJoyn API
• Windows Authentication Methods
• Windows BitLocker
• Windows Cloud Files Mini Filter Driver
• Windows Collaborative Translation Framework
• Windows Common Log File System Driver
• Windows Cryptographic Services
• Windows Group Policy
• Windows Hyper-V
• Windows Kernel
• Windows Kernel-Mode Drivers
• Windows Libarchive
• Windows Local Security Authority Subsystem Service (LSASS)
• Windows Message Queuing
• Windows Nearby Sharing
• Windows ODBC Driver
• Windows Online Certificate Status Protocol (OCSP) SnapIn
• Windows Scripting
• Windows Server Key Distribution Service
• Windows Subsystem for Linux
• Windows TCP/IP
• Windows Themes
• Windows Win32 Kernel Subsystem
• Windows Win32K

For more information, please visit our blog.