Patch Tuesday Update - January 2024

Frontline.Cloud will include the Microsoft Patch Tuesday checks in the NIRV 4.34.0 and Frontline Agent 2.3 releases.

Microsoft addressed 49 vulnerabilities in this release, including 2 rated as Critical and 12 Remote Code Execution vulnerabilities.

CVE/Advisory	Title	Tag	Microsoft Severity Rating	Base Score	Microsoft Impact	Exploited	Publicly Disclosed
CVE-2024-20666	BitLocker Security Feature Bypass Vulnerability	Windows BitLocker	Important	6.6	Security Feature Bypass	No	No
CVE-2024-20674	Windows Kerberos Security Feature Bypass Vulnerability	Windows Authentication Methods	Critical	9	Security Feature Bypass	No	No
CVE-2024-20677	Microsoft Office Remote Code Execution Vulnerability	Microsoft Office	Important	7.8	Remote Code Execution	No	No
CVE-2024-20676	Azure Storage Mover Remote Code Execution Vulnerability	Azure Storage Mover	Important	8	Remote Code Execution	No	No
CVE-2024-20654	Microsoft ODBC Driver Remote Code Execution Vulnerability	Windows ODBC Driver	Important	8	Remote Code Execution	No	No
CVE-2024-20657	Windows Group Policy Elevation of Privilege Vulnerability	Windows Group Policy	Important	7	Elevation of Privilege	No	No
CVE-2024-20658	Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability	Microsoft Virtual Hard Drive	Important	7.8	Elevation of Privilege	No	No
CVE-2024-20680	Windows Message Queuing Client (MSMQC) Information Disclosure	Windows Message Queuing	Important	6.5	Information Disclosure	No	No
CVE-2024-20682	Windows Cryptographic Services Remote Code Execution Vulnerability	Windows Cryptographic Services	Important	7.8	Remote Code Execution	No	No
CVE-2024-20683	Win32k Elevation of Privilege Vulnerability	Windows Win32K	Important	7.8	Elevation of Privilege	No	No
CVE-2024-20690	Windows Nearby Sharing Spoofing Vulnerability	Windows Nearby Sharing	Important	6.5	Spoofing	No	No
CVE-2024-20691	Windows Themes Information Disclosure Vulnerability	Windows Themes	Important	4.7	Information Disclosure	No	No
CVE-2024-20694	Windows CoreMessaging Information Disclosure Vulnerability	Windows Collaborative Translation Framework	Important	5.5	Information Disclosure	No	No
CVE-2022-35737	MITRE: CVE-2022-35737 SQLite allows an array-bounds overflow	SQLite	Important	N/A	Remote Code Execution	No	No
CVE-2024-20696	Windows Libarchive Remote Code Execution Vulnerability	Windows Libarchive	Important	7.3	Remote Code Execution	No	No
CVE-2024-20697	Windows Libarchive Remote Code Execution Vulnerability	Windows Libarchive	Important	7.3	Remote Code Execution	No	No
CVE-2024-20698	Windows Kernel Elevation of Privilege Vulnerability	Windows Kernel	Important	7.8	Elevation of Privilege	No	No
CVE-2024-20699	Windows Hyper-V Denial of Service Vulnerability	Windows Hyper-V	Important	5.5	Denial of Service	No	No
CVE-2024-20700	Windows Hyper-V Remote Code Execution Vulnerability	Windows Hyper-V	Critical	7.5	Remote Code Execution	No	No
CVE-2024-21305	Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability	Unified Extensible Firmware Interface	Important	4.4	Security Feature Bypass	No	No
CVE-2024-21307	Remote Desktop Client Remote Code Execution Vulnerability	Remote Desktop Client	Important	7.5	Remote Code Execution	No	No
CVE-2024-21313	Windows TCP/IP Information Disclosure Vulnerability	Windows TCP/IP	Important	5.3	Information Disclosure	No	No
CVE-2024-21325	Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution Vulnerability	Microsoft Devices	Important	N/A	Remote Code Execution	No	No
CVE-2024-20672	.NET Core and Visual Studio Denial of Service Vulnerability	.NET Core & Visual Studio	Important	7.5	Denial of Service	No	No
CVE-2024-0056	Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability	SQL Server	Important	8.7	Repudiation:Security Feature Bypass	No	No
CVE-2024-0057	NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability	.NET and Visual Studio	Important	9.1	Security Feature Bypass	No	No
CVE-2024-20652	Windows HTML Platforms Security Feature Bypass Vulnerability	Windows Scripting	Important	7.5	Security Feature Bypass	No	No
CVE-2024-20653	Microsoft Common Log File System Elevation of Privilege Vulnerability	Windows Common Log File System Driver	Important	7.8	Elevation of Privilege	No	No
CVE-2024-20655	Microsoft Online Certificate Status Protocol (OCSP) Remote Code Execution Vulnerability	Windows Online Certificate Status Protocol (OCSP) SnapIn	Important	6.6	Remote Code Execution	No	No
CVE-2024-20656	Visual Studio Elevation of Privilege Vulnerability	Visual Studio	Important	7.8	Elevation of Privilege	No	No
CVE-2024-20660	Microsoft Message Queuing Information Disclosure Vulnerability	Windows Message Queuing	Important	6.5	Information Disclosure	No	No
CVE-2024-20661	Microsoft Message Queuing Denial of Service Vulnerability	Windows Message Queuing	Important	7.5	Denial of Service	No	No
CVE-2024-20662	Windows Online Certificate Status Protocol (OCSP) Information Disclosure Vulnerability	Windows Online Certificate Status Protocol (OCSP) SnapIn	Important	4.9	Information Disclosure	No	No
CVE-2024-20663	Windows Message Queuing Client (MSMQC) Information Disclosure	Windows Message Queuing	Important	6.5	Information Disclosure	No	No
CVE-2024-20664	Microsoft Message Queuing Information Disclosure Vulnerability	Windows Message Queuing	Important	6.5	Information Disclosure	No	No
CVE-2024-21316	Windows Server Key Distribution Service Security Feature Bypass	Windows Server Key Distribution Service	Important	6.1	Security Feature Bypass	No	No
CVE-2024-20681	Windows Subsystem for Linux Elevation of Privilege Vulnerability	Windows Subsystem for Linux	Important	7.8	Elevation of Privilege	No	No
CVE-2024-20686	Win32k Elevation of Privilege Vulnerability	Windows Win32 Kernel Subsystem	Important	7.8	Elevation of Privilege	No	No
CVE-2024-20687	Microsoft AllJoyn API Denial of Service Vulnerability	Windows AllJoyn API	Important	7.5	Denial of Service	No	No
CVE-2024-20692	Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability	Windows Local Security Authority Subsystem Service (LSASS)	Important	5.7	Information Disclosure	No	No
CVE-2024-21306	Microsoft Bluetooth Driver Spoofing Vulnerability	Microsoft Bluetooth Driver	Important	5.7	Spoofing	No	No
CVE-2024-21309	Windows Kernel-Mode Driver Elevation of Privilege Vulnerability	Windows Kernel-Mode Drivers	Important	7.8	Elevation of Privilege	No	No
CVE-2024-21310	Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability	Windows Cloud Files Mini Filter Driver	Important	7.8	Elevation of Privilege	No	No
CVE-2024-21311	Windows Cryptographic Services Information Disclosure Vulnerability	Windows Cryptographic Services	Important	5.5	Information Disclosure	No	No
CVE-2024-21312	.NET Framework Denial of Service Vulnerability	.NET Framework	Important	7.5	Denial of Service	No	No
CVE-2024-21314	Microsoft Message Queuing Information Disclosure Vulnerability	Windows Message Queuing	Important	6.5	Information Disclosure	No	No
CVE-2024-21318	Microsoft SharePoint Server Remote Code Execution Vulnerability	Microsoft Office SharePoint	Important	8.8	Remote Code Execution	No	No
CVE-2024-21319	Microsoft Identity Denial of service vulnerability	Microsoft Identity Services	Important	6.8	Denial of Service	No	No
CVE-2024-21320	Windows Themes Spoofing Vulnerability	Windows Themes	Important	6.5	Spoofing	No	No

Quickly Find and Fix Your Most At-Risk Weaknesses

Watch this demo to see how Frontline VM can help.

Watch now

Patch Tuesday Update - January 2024

Quickly Find and Fix Your Most At-Risk Weaknesses

Mieng Lim

Footer 1

Footer 2

Footer 3

Footer Menu 4

Contact Information

Privacy Policy

Cookie Policy

Impressum