Other official information and services: www.belgium.be

WARNING: MICROSOFT PATCH TUESDAY JANUARY 2024 PATCHES 48 VULNERABILITIES (2 CRITICAL, 46 IMPORTANT), PATCH IMMEDIATELY!

Référence:

Advisory #2024-02

Version:

1.0

Logiciels concernés :

.NET Core & Visual Studio

.NET Framework

Azure Storage Mover

Microsoft Bluetooth Driver

Microsoft Devices

Microsoft Identity Services

Microsoft Office

Microsoft Virtual Hard Drive

Remote Desktop Client

SQLServer

Unified Extensible Firmware Interface

Visual Studio

Windows AllJoyn API

Windows Authentication Methods

Windows BitLocker

Windows Cloud Files Mini Filter Driver

Windows Collaborative Translation Framework

Windows Common Log File System Driver

Windows Cryptographic Services

Windows Group Policy

Windows Hyper-V

Windows Kernel

Windows Kernel-Mode Drivers

Windows Libarchive

Windows Local Security Authority Subsystem Service (LSASS)

Windows Message Queuing

Windows Nearby Sharing

Windows ODBC Driver

Windows Online Certificate Status Protocol (OCSP) SnapIn

Windows Scripting

Windows Server Key Distribution Service

Windows Subsystem for Linux

Windows TCP/IP

Windows Themes

Windows Win32 Kernel Subsystem

Windows Win32K

Type:

Several types, ranging from Information Disclosure to Remote Code Execution and Privilege Escalation.

CVE/CVSS:

Microsoft patched 48 vulnerabilities in its January 2024 Patch Tuesday release, 2 rated as critical, 46 rated important.

11 Remote Code Execution Vulnerabilities
11 Information DisclosureVulnerabilities
10 Elevation of Privilege Vulnerabilities
7 Security Feature Bypass
6 Denial of Service Vulnerabilities
3 Spoofing

Date:

10/01/2024

Sources

Microsoft - https://msrc.microsoft.com/update-guide/releaseNote/2024-Jan

Risques

Microsoft's January Patch Tuesday includes two critical and forty-six important vulnerabilities for a wide range of Microsoft products, affecting Microsoft Server, and Workstations. None of the vulnerabilities are known to be actively exploited but immediate patching is advised.

Description

Microsoft has released multiple patches for vulnerabilities covering a range of their products. These monthly releases are called "Patch Tuesday” and hold security fixes for Microsoft devices and software. This month's release covers thirty-four Microsoft vulnerabilities. Two vulnerabilities are marked as critical and forty-six as important.

The CCB would like to point your attention to following vulnerabilities:

CVE-2024-20674 is a critical security feature bypass vulnerability affecting Windows Kerberos with a CVSSv3.1 score of 9. The authentication feature could be bypassed as this vulnerability allows impersonation. According to Microsoft “An authenticated attacker could exploit this vulnerability by establishing a machine-in-the-middle (MITM) attack or other local network spoofing technique, then sending a malicious Kerberos message to the client victim machine to spoof itself as the Kerberos authentication server.”

CVE-2024-21318 is an important remote-code execution vulnerability affecting Microsoft SharePoint Server with a CVSSv3.1 score of 8.8. This vulnerability allows an authenticated attacker on the network to run malicious code on the SharePoint server. According to Microsoft, the exploitation is more likely due to the low technical barrier to trigger the exploit.

CVE-2024-20683 and CVE-2024-20686 are important EoP vulnerabilities in Microsoft’s Win32k, a core kernel-side driver used in Windows. Both vulnerabilities received CVSSv3.1 scores of 7.8 and are rated “Exploitation More Likely.” Successful exploitation could allow an attacker to gain SYSTEM privileges on an affected host. EoP vulnerabilities are often abused by malicious actors after gaining initial access to a system.

CVE-2024-21310 is an important EoP vulnerability in the Microsoft Windows Cloud Files Mini Filter Driver. It was assigned a CVSSv3.1 score of 7.8 and is rated as “Exploitation More Likely.” An attacker could exploit this vulnerability as part of post-compromise activity to elevate privileges to SYSTEM.

CVE-2024-20653 is an important EoP vulnerability in the Microsoft Common Log File System (CLFS). It was assigned a CVSSv3 score of 7.8 and is rated as “Exploitation More Likely.” An attacker could exploit this vulnerability as part of post-compromise activity to elevate privileges to SYSTEM.

CVE-2024-20698 is an important EoP vulnerability in the Microsoft Windows Kernel. It was assigned a CVSSv3 score of 7.8 and is rated as “Exploitation More Likely.” An attacker could exploit this vulnerability as part of post-compromise activity to elevate privileges to SYSTEM.

CVE-2024-20677 is an important Remote Code Execution Vulnerability in Microsoft Office. It was assigned a CVSSv3.1 score of 7.8. This vulnerability allows threat actors to create maliciously crafted Office documents with embedded FBX 3D model files to perform remote code execution.

Actions recommandées

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

Monitor/Detect

The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

Références

Tenable - https://es-la.tenable.com/blog/microsofts-january-2024-patch-tuesday-add...

BleepingComputer - https://www.bleepingcomputer.com/news/microsoft/microsoft-january-2024-p...