Today’s VERT Alert addresses Microsoft’s January 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1088 as soon as coverage is completed.
In-The-Wild & Disclosed CVEs
There were no in-the-wild or disclosed CVEs included in the January Patch Tuesday drop.
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis. Vulnerabilities are also colour coded to aid with identifying key issues.
- Traditional Software
- Mobile Software
- Cloud or Cloud Adjacent
- Vulnerabilities that are being exploited or that have been disclosed will be highlighted.
|
Tag |
CVE Count |
CVEs |
|
.NET Core & Visual Studio |
1 |
CVE-2024-20672 |
|
Windows Hyper-V |
2 |
CVE-2024-20699, CVE-2024-20700 |
|
Microsoft Devices |
1 |
CVE-2024-21325 |
|
Microsoft Identity Services |
1 |
CVE-2024-21319 |
|
Windows Cryptographic Services |
2 |
CVE-2024-20682, CVE-2024-21311 |
|
Remote Desktop Client |
1 |
CVE-2024-21307 |
|
Visual Studio |
1 |
CVE-2024-20656 |
|
Windows Common Log File System Driver |
1 |
CVE-2024-20653 |
|
Windows Collaborative Translation Framework |
1 |
CVE-2024-20694 |
|
Azure Storage Mover |
1 |
CVE-2024-20676 |
|
SQLite |
1 |
CVE-2022-35737 |
|
Windows Themes |
2 |
CVE-2024-20691, CVE-2024-21320 |
|
Microsoft Office SharePoint |
1 |
CVE-2024-21318 |
|
SQL Server |
1 |
CVE-2024-0056 |
|
Windows Cloud Files Mini Filter Driver |
1 |
CVE-2024-21310 |
|
Windows Win32 Kernel Subsystem |
1 |
CVE-2024-20686 |
|
Windows Kernel |
1 |
CVE-2024-20698 |
|
Microsoft Bluetooth Driver |
1 |
CVE-2024-21306 |
|
Windows Local Security Authority Subsystem Service (LSASS) |
1 |
CVE-2024-20692 |
|
Windows AllJoyn API |
1 |
CVE-2024-20687 |
|
Windows Nearby Sharing |
1 |
CVE-2024-20690 |
|
Microsoft Office |
1 |
CVE-2024-20677 |
|
Unified Extensible Firmware Interface |
1 |
CVE-2024-21305 |
|
Windows Subsystem for Linux |
1 |
CVE-2024-20681 |
|
Windows Scripting |
1 |
CVE-2024-20652 |
|
Windows ODBC Driver |
1 |
CVE-2024-20654 |
|
.NET Framework |
1 |
CVE-2024-21312 |
|
Windows Libarchive |
2 |
CVE-2024-20696, CVE-2024-20697 |
|
Windows Win32K |
1 |
CVE-2024-20683 |
|
.NET and Visual Studio |
1 |
CVE-2024-0057 |
|
Windows Authentication Methods |
1 |
CVE-2024-20674 |
|
Windows TCP/IP |
1 |
CVE-2024-21313 |
|
Windows Message Queuing |
6 |
CVE-2024-20680, CVE-2024-20660, CVE-2024-20661, CVE-2024-20663, CVE-2024-20664, CVE-2024-21314 |
|
Windows Group Policy |
1 |
CVE-2024-20657 |
|
Windows Server Key Distribution Service |
1 |
CVE-2024-21316 |
|
Windows Kernel-Mode Drivers |
1 |
CVE-2024-21309 |
|
Microsoft Virtual Hard Drive |
1 |
CVE-2024-20658 |
|
Windows BitLocker |
1 |
CVE-2024-20666 |
|
Microsoft Edge (Chromium-based) |
4 |
CVE-2024-0222, CVE-2024-0223, CVE-2024-0224, CVE-2024-0225 |
|
Windows Online Certificate Status Protocol (OCSP) SnapIn |
2 |
CVE-2024-20655, CVE-2024-20662 |
Other Information
At the time of publication, there were no new advisories included with the January Security Guidance.
Mastering Security Configuration Management
Master Security Configuration Management with Tripwire's guide on best practices. This resource explores SCM's role in modern cybersecurity, reducing the attack surface, and achieving compliance with regulations. Gain practical insights for using SCM effectively in various environments.
