On January 9, 2024, Microsoft released security updates for Windows clients and servers, for Office and for other products. The security updates eliminate 48 vulnerabilities (CVEs), two of which are rated critical. Below is a compact overview of the updates released on this Patchday.
Notes on the updates
A list of the updates can be found on this Microsoft page. Details on the update packages for Windows, Office etc. are available in separate blog posts.
Windows 10/11, Windows Server
All Windows 10/11 updates (as well as the updates for their server counterparts) are cumulative. The monthly patchday update contains all security fixes for these Windows versions, as well as all non-security fixes released up to the patchday. In addition to the security patches for the vulnerabilities, the updates therefore also contain fixes for non-security bugs or new features.
Windows 7 SP1/Windows Server 2012 R2
Windows 7 SP1 has been out of support since January 2020. Only customers with an ESU license for the 4th year (or workarounds) still receive updates. Updates can also be downloaded from the Microsoft Update Catalog. Windows Server 2012/R2 received regular security updates until October 2023. Since then, an ESU license has also been required to obtain further security updates (Windows Server 2012/R2 gets Extended Security Updates (ESU) until October 2026).
Fixed vulnerabilities
Tenable has this blog post with an overview of the vulnerabilities that have been fixed. Here are some of the critical vulnerabilities that have been fixed:
- CVE-2024-20674: Windows Kerberos Security Feature Bypass vulnerability, CVSSv3 score 9.0, critical. The vulnerability allows bypassing Windows Kerberos authentication and is classified as "Exploitation More Likely" according to Microsoft's Exploitability Index. To exploit this vulnerability, an attacker must first gain access to the target network. From there, the attacker can attempt to impersonate a Kerberos authentication server by performing a machine-in-the-middle (MITM) attack or by using another method to spoof the local network and send a malicious Kerberos message to a client computer. The attacker would then be able to bypass authentication through impersonation.
- CVE-2024-20683 and CVE-2024-20686: Win32k Elevation of Privilege vulnerability (EoP), CVSSv3 score 7.8, important. These are EoP vulnerabilities in Microsoft's Win32k, a central kernel-mode driver in Windows. Exploitation is classified by Microsoft as "Exploitation More Likely". Successful exploitation could allow an attacker to gain SYSTEM privileges on an affected host. EoP vulnerabilities are often exploited by malicious actors after they have first gained access to a system.
- CVE-2024-21318: Microsoft SharePoint Server Remote Code Execution vulnerability, CVSSv3 score 8.8, important. It is an RCE vulnerability that affects Microsoft SharePoint Server and has been classified as "Exploitation More Likely". This vulnerability could be exploited by an authenticated attacker with at least Site Owner privileges.
- CVE-2024-21310: Windows Cloud Files Mini Filter Driver Elevation of Privilege vulnerability, CVSSv3 score 7.8, important. It is an EoP vulnerability in the Microsoft Windows Cloud Files Mini Filter Driver (cldflt.sys). The vulnerability has been categorized as "Exploitation More Likely". An attacker could exploit this vulnerability as part of post-compromise activity to elevate privileges to SYSTEM.
- CVE-2024-20653: Microsoft Common Log File System Elevation of Privilege vulnerability, CVSSv3 score 7.8, important. It is an EoP vulnerability in the Microsoft Common Log File System (CLFS). The vulnerability has been categorized as "Exploitation More Likely". An attacker could exploit this vulnerability as part of post-compromise activity to elevate privileges to SYSTEM.
- CVE-2024-20698: Windows Kernel Elevation of Privilege vulnerability, CVSSv3 score 7.8, important. It is an EoP vulnerability in the Microsoft Windows kernel. The vulnerability has been classified as "Exploitation More Likely". An attacker could exploit this vulnerability as part of post-compromise activity to elevate privileges to SYSTEM.
A list of all covered CVEs can be found on this Microsoft page; excerpts are available at Tenable. Below is the list of patched products:
- .NET and Visual Studio
- .NET Core & Visual Studio
- .NET Framework
- Azure Storage Mover
- Microsoft Bluetooth Driver
- Microsoft Devices
- Microsoft Identity Services
- Microsoft Office
- Microsoft Office SharePoint
- Microsoft Virtual Hard Drive
- Remote Desktop Client
- SQL Server
- Unified Extensible Firmware Interface
- Visual Studio
- Windows AllJoyn API
- Windows Authentication Methods
- Windows BitLocker
- Windows Cloud Files Mini Filter Driver
- Windows Collaborative Translation Framework
- Windows Common Log File System Driver
- Windows Cryptographic Services
- Windows Group Policy
- Windows Hyper-V
- Windows Kernel
- Windows Kernel-Mode Drivers
- Windows Libarchive
- Windows Local Security Authority Subsystem Service (LSASS)
- Windows Message Queuing
- Windows Nearby Sharing
- Windows ODBC Driver
- Windows Online Certificate Status Protocol (OCSP) SnapIn
- Windows Scripting
- Windows Server Key Distribution Service
- Windows Subsystem for Linux
- Windows TCP/IP
- Windows Themes
- Windows Win32 Kernel Subsystem
- Windows Win32K
Similar articles:
Office update KB5002500 from January 2, 2023 fixes OneNote 2016 sync problem
Microsoft Security Update Summary (January 9, 2024)
Patchday: Windows 10 Updates (January 9, 2024)
Patchday: Windows 11/Server 2022 Updates (January 9, 2024)
Windows 7/Server 2008 R2; Server 2012 R2: Updates (January 9, 2024)
NOT a good time yet to install the January 2024 updates for Windows:
https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5034441-security-update-fails-with-0x80070643-errors/
https://www.askwoody.com/2024/ms-defcon-1-partition-size-blocks-update/
https://www.ghacks.net/2024/01/10/fix-0x80070643-error-install-failure-when-trying-to-install-windows-update/
I noticed it from my German blog readers (heavy discussion), but I was out of town today for appointments.