1. Summary

In the security updates published on Patch Tuesday, January 10, 2024 (UTC+8), Microsoft released patches for 53 CVEs, an increase of 11 compared to the previous month.

In terms of vulnerability severity, the release includes two vulnerabilities at the Critical level and 51 vulnerabilities at the High level. With regard to vulnerability type, there were 16 remote code execution (RCE) vulnerabilities, 10 elevation of privilege (EoP) vulnerabilities, and 11 information disclosure vulnerabilities, among others.

2. Statistics

2.1 Vulnerability Trend

Vulnerabilities patched by Microsoft in the last 12 months

Figure 1 Vulnerabilities patched by Microsoft in the last 12 months

  • Microsoft released 53 patches in January 2024, including patches for two critical vulnerabilities.
  • Based on Microsoft's historical vulnerability disclosures and the specific circumstances of this year, Sangfor FarSight Labs estimates that Microsoft will announce more vulnerabilities in the coming February in comparison to January. We expect a figure of approximately 70 vulnerabilities.

2.2 Vulnerability Trend Comparison

The following figure shows the number of vulnerabilities patched by Microsoft in the month of January from 2021 to 2024.

Number of vulnerabilities patched by Microsoft in January (2021 to 2024)

Figure 2 Number of vulnerabilities patched by Microsoft in January (2021 to 2024)

The following figure shows the trend of the number of vulnerabilities at different severity levels patched by Microsoft in January from 2021 to 2024.

Number of vulnerabilities by severity level patched by Microsoft in January (2021 to 2024)

Figure 3 Number of vulnerabilities by severity level patched by Microsoft in January (2021 to 2024)

The following figure shows the number of vulnerabilities by type patched by Microsoft in January from 2021 to 2024.

Number of vulnerabilities by type patched by Microsoft in January (2021 to 2024)

Figure 4 Number of vulnerabilities by type patched by Microsoft in January (2021 to 2024)

  • Compared to last year, the number of vulnerabilities patched by Microsoft in January 2024 has decreased. A total of 53 vulnerabilities, including two critical ones, have been reported this month.
  • Compared to last year, the number of vulnerabilities at the High and Critical levels patched by Microsoft has decreased. 51 vulnerabilities at the High level have been patched, a decrease of about 71%, and 2 vulnerabilities at the Critical level have been patched, a decrease of about 82%.
  • Compared to last year, the number of RCE, DoS, and EoP vulnerabilities has decreased. However, we should remain highly vigilant because, when combined with social engineering techniques, attackers can exploit RCE vulnerabilities to take over an entire LAN and launch attacks.

3. Details of Key Vulnerabilities

3.1 Analysis

Windows Hyper-V Remote Code Execution Vulnerability (CVE-2024-20700)

Microsoft Hyper-V, codenamed Viridian and formerly known as Windows Server Virtualization, is a local VM management program provided by Microsoft. It allows you to create VMs on x86-64 Windows hosts.

A remote code execution vulnerability (CVE-2024-20700), with a CVSS score of 7.5 (high severity), has been found in Hyper-V. It allows attackers to execute arbitrary code on target systems. Analysis results indicate that the vulnerability poses a high risk, and Sangfor FarSight Labs recommends that users install the latest Microsoft patches at the earliest opportunity.

Windows Kerberos Security Feature Bypass Vulnerability (CVE-2024-20674)

Kerberos is a computer network authentication protocol that is used to securely authenticate users during communication in an insecure network.

A security feature bypass vulnerability (CVE-2024-20674), with a CVSS score of 8.8 (high severity), has been found in Kerberos. Attackers can exploit the vulnerability to bypass security features and perform unauthorized activities on target systems. Analysis results indicate that the vulnerability poses a high risk, and Sangfor FarSight Labs recommends that users install the latest Microsoft patches at the earliest opportunity.

3.2 Affected Versions

Vulnerability Name Affected Versions
Windows Hyper-V Remote Code Execution Vulnerability (CVE-2024-20700) Windows Server 2022, 23H2 Edition (Server Core installation)
Windows 11 Version 23H2 for x64-based Systems
Windows 11 Version 23H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 11 Version 21H2 for ARM64-based Systems
Windows 11 Version 21H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for x64-based Systems
Windows Kerberos Security Feature Bypass Vulnerability 
(CVE-2024-20674)
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 Version 21H2 for ARM64-based Systems
Windows 11 Version 21H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows 11 Version 23H2 for x64-based Systems
Windows 11 Version 23H2 for ARM64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems

 

4. Solutions

4.1 Official Solution

Microsoft has released patches for affected OS versions to fix the latest vulnerabilities. Please install the latest Windows security updates to apply the patches or download the patch for individual vulnerabilities from Microsoft’s security updates page: https://msrc.microsoft.com/update-guide/releaseNote/2024-Jan

5. References

https://msrc.microsoft.com/update-guide/releaseNote/2024-Jan

6. Timeline

On January 10, 2024, Microsoft released a security update with patches for 53 vulnerabilities, including the Windows Hyper-V Remote Code Execution Vulnerability (CVE-2024-20700) and Windows Kerberos Security Feature Bypass Vulnerability (CVE-2024-20674).

On January 10, 2024, Sangfor FarSight Labs released a vulnerability alert.

7. About Sangfor FarSight Labs

Sangfor FarSight Labs researches the latest cyberthreats and unknown zero-day vulnerabilities, alerting customers to potential dangers to their organizations, and providing real-time solutions with actionable intelligence. Sangfor FarSight Labs works with other security vendors and the security community at large to identify and verify global cyberthreats, providing fast and easy protection for customers.

Listen To This Post

Search

Get in Touch

Get in Touch with Sangfor Team for Business Inquiry

Related Articles

CVE-2024-47575: Fortinet FortiManager Authentication Vulnerability

Date : 25 Oct 2024
Read Now

CVE-2024-38819: Path Traversal Vulnerability

Date : 19 Oct 2024
Read Now

CVE-2024-40766: SonicWALL SonicOS Access Control Flaw Vulnerability

Date : 12 Sep 2024
Read Now

See Other Product

Cyber Command - NDR Platform
Endpoint Secure
Internet Access Gateway (IAG)
Sangfor Network Secure - Next Generation Firewall
Platform-X
Sangfor Access Secure