Microsoft patched 49 CVEs in its January 2024 Patch Tuesday release, with two rated critical and 46 rated as important. For the second straight month, Microsoft did not patch any zero-day vulnerabilities that were exploited or publicly disclosed.
Vulnerabilities Category
- 10 Elevation of Privilege Vulnerabilities
- 7 Security Feature Bypass Vulnerabilities
- 12 Remote Code Execution Vulnerabilities
- 11 Information Disclosure Vulnerabilities
- 6 Denial of Service Vulnerabilities
- 3 Spoofing Vulnerabilities
Windows Kerberos Security Feature Bypass Vulnerability
CVE-2024-20674 is a critical security feature bypass vulnerability affecting Windows Kerberos, an authentication protocol designed to verify user or host identities. With a CVSSv3 score of 9.0 and is rated as Exploitation More Likely. To exploit this vulnerability, an attacker needs to have established access to a target network. The attacker would attempt to spoof itself as a Kerberos authentication server by conducting a machine-in-the-middle (MITM) attack or by some other local network spoofing method and sending a malicious Kerberos message to a client machine. The attacker would then be able to bypass authentication via impersonation.
Win32k Elevation of Privilege Vulnerability
CVE-2024-20683 and CVE-2024-20686 are EoP vulnerabilities in Microsoft’s Win32k, a core kernel-side driver used in Windows. Both vulnerabilities received CVSSv3 scores of 7.8 and are rated Exploitation More Likely. Successful exploitation could allow an attacker to gain SYSTEM privileges on an affected host. EoP vulnerabilities are often abused by malicious actors after gaining initial access to a system and in 2023, 14 EoP vulnerabilities in Win32k were patched by Microsoft. While neither of these two vulnerabilities has been reported as exploited in the wild by Microsoft, one of the 14 patched in 2023 was exploited as a zero-day, CVE-2023-29336, which was patched in the May 2023 Patch Tuesday release.
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2024-21318 is a RCE vulnerability affecting Microsoft SharePoint Server. With a CVSSv3 score of 8.8, this flaw can be exploited by an authenticated attacker with at least Site Owner privileges. While no active exploitation has been observed at the time the vulnerability was patched, Microsoft rates this vulnerability as Exploitation More Likely.
Back in September, an exploit chain consisted of an EoP vulnerability CVE-2023-29357 and a RCE vulnerability, CVE-2023-24955. While a proof-of-concept was released, it was not weaponizable as designed, and required additional work to achieve RCE. While that vulnerability chain does not appear to have been abused, we strongly recommend patching SharePoint servers as soon as possible.
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2024-21310 is an EoP vulnerability in the Microsoft Windows Cloud Files Mini Filter Driver (cldflt.sys). With a CVSSv3 score of 7.8 and is rated as important and Exploitation More Likely. An attacker could exploit this vulnerability as part of post-compromise activity to elevate privileges to SYSTEM. This is the third month in a row that Microsoft patched an EoP in the Microsoft Cloud Files Mini Filter Driver. In 2023, Microsoft patched six EoP vulnerabilities in the Cloud Files Mini Filter Driver, including CVE-2023-36036, which was the first to be exploited in the wild as a zero-day.
Microsoft Common Log File System Elevation of Privilege Vulnerability
CVE-2024-20653 is an EoP vulnerability in the Microsoft Common Log File System (CLFS). With a CVSSv3 score of 7.8 and is rated as important and Exploitation More Likely. An attacker could exploit this vulnerability as part of post-compromise activity to elevate privileges to SYSTEM. This is the 23rd EoP vulnerability in the Microsoft CLFS patched since 2022, with 10 patched in 2023 and 12 patched in 2022.
Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-20698 is an EoP vulnerability in the Microsoft Windows Kernel. With a CVSSv3 score of 7.8 and is rated as important and Exploitation More Likely. An attacker could exploit this vulnerability as part of post-compromise activity to elevate privileges to SYSTEM. This is the 64th EoP vulnerability in the Microsoft Windows Kernel patched since 2022, with 43 patched in 2023 and 20 patched in 2022.
January 2024 patch release summary
| CVE ID | CVE Title | Severity |
| CVE-2024-20674 | Windows Kerberos Security Feature Bypass Vulnerability | Critical |
| CVE-2024-20700 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
| CVE-2024-0057 | NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability | Important |
| CVE-2024-20672 | .NET Core and Visual Studio Denial of Service Vulnerability | Important |
| CVE-2024-21312 | .NET Framework Denial of Service Vulnerability | Important |
| CVE-2024-20676 | Azure Storage Mover Remote Code Execution Vulnerability | Important |
| CVE-2024-21306 | Microsoft Bluetooth Driver Spoofing Vulnerability | Important |
| CVE-2024-21325 | Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution Vulnerability | Important |
| CVE-2024-21319 | Microsoft Identity Denial of service vulnerability | Important |
| CVE-2024-20677 | Microsoft Office Remote Code Execution Vulnerability | Important |
| CVE-2024-21318 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| CVE-2024-20658 | Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability | Important |
| CVE-2024-21307 | Remote Desktop Client Remote Code Execution Vulnerability | Important |
| CVE-2024-0056 | Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability | Important |
| CVE-2022-35737 | MITRE: CVE-2022-35737 SQLite allows an array-bounds overflow | Important |
| CVE-2024-21305 | Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability | Important |
| CVE-2024-20656 | Visual Studio Elevation of Privilege Vulnerability | Important |
| CVE-2024-20687 | Microsoft AllJoyn API Denial of Service Vulnerability | Important |
| CVE-2024-20666 | BitLocker Security Feature Bypass Vulnerability | Important |
| CVE-2024-21310 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
| CVE-2024-20694 | Windows CoreMessaging Information Disclosure Vulnerability | Important |
| CVE-2024-20653 | Microsoft Common Log File System Elevation of Privilege Vulnerability | Important |
| CVE-2024-20682 | Windows Cryptographic Services Remote Code Execution Vulnerability | Important |
| CVE-2024-21311 | Windows Cryptographic Services Information Disclosure Vulnerability | Important |
| CVE-2024-20657 | Windows Group Policy Elevation of Privilege Vulnerability | Important |
| CVE-2024-20699 | Windows Hyper-V Denial of Service Vulnerability | Important |
| CVE-2024-20698 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| CVE-2024-21309 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Important |
| CVE-2024-20697 | Windows Libarchive Remote Code Execution Vulnerability | Important |
| CVE-2024-20696 | Windows Libarchive Remote Code Execution Vulnerability | Important |
| CVE-2024-20692 | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | Important |
| CVE-2024-20660 | Microsoft Message Queuing Information Disclosure Vulnerability | Important |
| CVE-2024-20664 | Microsoft Message Queuing Information Disclosure Vulnerability | Important |
| CVE-2024-20680 | Windows Message Queuing Client (MSMQC) Information Disclosure | Important |
| CVE-2024-20663 | Windows Message Queuing Client (MSMQC) Information Disclosure | Important |
| CVE-2024-21314 | Microsoft Message Queuing Information Disclosure Vulnerability | Important |
| CVE-2024-20661 | Microsoft Message Queuing Denial of Service Vulnerability | Important |
| CVE-2024-20690 | Windows Nearby Sharing Spoofing Vulnerability | Important |
| CVE-2024-20654 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
| CVE-2024-20662 | Windows Online Certificate Status Protocol (OCSP) Information Disclosure Vulnerability | Important |
| CVE-2024-20655 | Microsoft Online Certificate Status Protocol (OCSP) Remote Code Execution Vulnerability | Important |
| CVE-2024-20652 | Windows HTML Platforms Security Feature Bypass Vulnerability | Important |
| CVE-2024-21316 | Windows Server Key Distribution Service Security Feature Bypass | Important |
| CVE-2024-20681 | Windows Subsystem for Linux Elevation of Privilege Vulnerability | Important |
| CVE-2024-21313 | Windows TCP/IP Information Disclosure Vulnerability | Important |
| CVE-2024-20691 | Windows Themes Information Disclosure Vulnerability | Important |
| CVE-2024-21320 | Windows Themes Spoofing Vulnerability | Important |
| CVE-2024-20686 | Win32k Elevation of Privilege Vulnerability | Important |
| CVE-2024-20683 | Win32k Elevation of Privilege Vulnerability | Important |
