Microsoft's Patch Update for January
Every second Tuesday of each month is Microsoft’s monthly Patch Tuesday. Patches for this month include 46 flaws and 12 remote code execution vulnerabilities.
This month, Microsoft released a comprehensive set of patches addressing various vulnerabilities as part of their Patch Tuesday initiative.
Remote Code Execution (RCE) vulnerabilities are among the most dangerous security flaws, as they allow an attacker to run arbitrary code on a victim's system without their consent. This can give the attacker unauthorised access to the system, enabling them to steal data, install malware, or take full control over the affected system.
It is crucial that organisations prioritise patch management, especially updates that address RCE vulnerabilities, to adhere to cybersecurity frameworks such as Essential 8, which recommends strategies to mitigate cyber threats effectively.
How many bugs for each vulnerability category were there?
10 Elevation of Privilege Vulnerabilities
7 Security Feature Bypass Vulnerabilities
12 Remote Code Execution Vulnerabilities
11 Information Disclosure Vulnerabilities
6 Denial of Service Vulnerabilities
3 Spoofing Vulnerabilities
The total count of 49 flaws does not include 4 Microsoft Edge flaws fixed back on the January 5th.
To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5034123 cumulative update and Windows 10 KB5034122 update.
Key vulnerabilities resolved include:
Windows Authentication Methods: CVE-2024-20674 is a critical security feature bypass vulnerability within Windows Kerberos, demanding immediate attention due to its potential impact on system security.
Windows Hyper-V: CVE-2024-20700, a critical remote code execution vulnerability, alongside CVE-2024-20699, an important denial of service vulnerability, reflecting the critical importance of securing virtual environments provided by Hyper-V.
Windows Scripting: CVE-2024-20652, categorised as an important security feature bypass vulnerability, highlights the need for patch management in web-related services.
By rigorously applying such patches, organisations can comprehensively follow the practices recommended by the Essential 8 framework, proactively mitigating potential threats and enhancing their cybersecurity posture. IT administrators must apply these patches in a timely manner, prioritising critical vulnerabilities to protect key systems and data.
Your Security is our Priority
Your friendly Support Team
Speak to us about all your computer needs
This is Part of our Cyber Security awareness educational campaign. Through this training, you will learn awareness and key principles, and best practices to protect yourself, your organisation, and the public from cyber attackers. You will also be equipped with the knowledge to identify potential threats and take action before any damage can occur.