Microsoft January 2024 Patch Tuesday

Microsoft has released its monthly set of security updates, known as Patch Tuesday. This release fixes 49 vulnerabilities, with 2 classified as critical, as they could allow an attacker to perform remote code execution, bypass security restrictions, gain elevated privileges, conduct spoofing attacks, or gain access to the affected products.

January’s Patch Tuesday was released to fix security flaws in several Microsoft products such as Microsoft Office, Microsoft Office SharePoint, Microsoft Edge (Chromium-based), Microsoft Virtual Hard Drive, Visual Studio, SQL Server, Azure Storage Mover, Windows BitLocker, Windows Kernel, Windows Authentication Methods, Windows ODBC Driver, Windows Libarchive, .NET Framework, Windows Message Queuing, Microsoft Devices, Windows Hyper-V, Windows Scripting, Windows Server Key Distribution Service and Windows Local Security Authority Subsystem Service (LSASS).

Sample of the addressed vulnerabilities:

1. Microsoft .NET and Visual Studio Framework Security Bypass Vulnerability (CVE-2024-0057):

  • CVSS: 9.1
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Consequences: Bypass Security

2. Microsoft Windows ODBC Driver Code Execution (CVE-2024-20654):

  • CVSS: 8
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: Required
  • Consequences: Gain Access
Mitigations

The enterprise should deploy this patch as soon as the testing phase is completed.

References

Microsoft MSRC