Security Alert (A24-01-05): Multiple Vulnerabilities in Microsoft Products (January 2024)


 

Published on: 10 January 2024

  
  

Description:

Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components. The list of security updates can be found at:
https://msrc.microsoft.com/update-guide/releaseNote/2024-Jan

 

Affected Systems:

  • Microsoft Windows 10, 11
  • Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019, 2022
  • Microsoft Office 2019, LTSC 2021, LTSC for Mac 2021
  • Microsoft 365 Apps for Enterprise
  • Microsoft SharePoint Enterprise Server 2016
  • Microsoft SharePoint Server 2019, Subscription Edition
  • Microsoft SQL Server 2022
  • Microsoft Visual Studio 2015, 2017, 2019, 2022
  • Microsoft .NET Framework 2.0, 3.0, 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, 4.8.1
  • .NET 6.0, 7.0, 8.0
  • Azure Storage Mover Agent
  • CBL Mariner 1.0, 2.0
  • Microsoft Identity Model v5.0.0, v6.0.0, v7.0.0
  • Microsoft Printer Metadata Troubleshooter Tool
  • Microsoft.Data.SqlClient 2.1, 3.1, 4.0, 5.1
  • System.Data.SqlClient

 

Impact:

Successful exploitation of the vulnerabilities could lead to remote code execution, denial of service, elevation of privilege, information disclosure, security feature bypass or spoofing on an affected system.

 

Recommendation:

Patches for affected systems are available from the Windows Update / Microsoft Update Catalog. System administrators and users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://msrc.microsoft.com/update-guide/releaseNote/2024-Jan
  • https://www.hkcert.org/security-bulletin/microsoft-monthly-security-update-january-2024
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35737
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0056 (to CVE-2024-0057)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20652 (to CVE-2024-20658)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20660 (to CVE-2024-20664)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20666
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20672
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20674
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20676 (to CVE-2024-20677)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20680 (to CVE-2024-20683)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20686 (to CVE-2024-20687)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20690 (to CVE-2024-20692)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20694
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20696 (to CVE-2024-20700)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21305 (to CVE-2024-21307)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21309 (to CVE-2024-21314)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21316
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21318 (to CVE-2024-21320)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21325


Tag: Microsoft , Windows , Windows Server , Microsoft Office , Microsoft 365 Apps , SharePoint , SQL Server , Visual Studio , .NET Framework , .NET , Microsoft Azure , CBL Mariner , Microsoft Identity Model , Microsoft Printer Metadata Troubleshooter Tool
Tags