Microsoft Patch Tuesday

Published On: January 9, 2024Categories: Cyber Alerts

In today’s SensCy Cyber Brief, your SensCy team reviewed Microsoft’s latest series of patches released on Tuesday, December 12, 2023. Today’s Patch Tuesday comes with 49 flaws.

What is Patch Tuesday?

Patch Tuesday is Microsoft’s initiative to release new security fixes for the Windows operating system and any other Microsoft software on a monthly basis. Your SensCy team will monitor such releases and provide you with our observations and recommendations.

Why is it important?

This month’s patch Tuesday is critical because it fixes critical vulnerabilities. The SensCy team recommends Microsoft users install those patches immediately.

While the there were no Zero-Day vulnerabilities discovered, two vulnerabilities were classified as critical.
CVE2024-20674, a vulnerability in Windows Kerberos, allowing hacker to bypass authentication by establishing a machine-in-the-middle (MITM) by sending a malicious Kerberos message to the client victim machine to spoof itself as the Kerberos authentication server

CVE-2024-20677, “A security vulnerability exists in FBX that could lead to remote code execution. To mitigate this vulnerability, the ability to insert FBX files has been disabled in Word, Excel, PowerPoint and Outlook for Windows and Mac,” according to Microsoft security bulletin.

In addition to the zero-day fix, Microsoft is also fixing 49 vulnerabilities. Here is a breakdown of each vulnerability category:

  • 12 Remote Code Execution Vulnerabilities
  • 11 Information Disclosure Vulnerabilities
  • 10 Elevation of Privilege Vulnerability
  • 7 Security Feature Bypass Vulnerabilities
  • 6 Denial of Service Vulnerabilities
  • 3 Spoofing Vulnerabilities

For more information on vulnerabilities and the system that it affects, please refer to the full report from Microsoft linked here.

Related Posts

  • June 13, 2024

    Categories: Cyber Alerts

    In today’s SensCy Cyber Brief, your SensCy team reviewed Adobe latest release of security updates. We recommend installing those updates immediately if you are using [...]

  • June 13, 2024

    Categories: Cyber Alerts

    In today’s SensCy Cyber Alert, your SensCy team recommends Google Chrome Browser users to install the new Chrome Version 126 immediately. The new update patches [...]

  • June 6, 2024

    Categories: Cyber Alerts

    In today’s SensCy Cyber Alert, your SensCy team is reviewing latest disclosure of vulnerabilities by WordPress. There were 99 vulnerabilities discovered, including 82 WordPress plugin. [...]