Microsoft Fixes 12 RCE Bugs in January Patch Tuesday

Written by

Microsoft has begun the year with patches for a near-half century of CVEs, although there were no zero-day bugs addressed in the January 2024 Patch Tuesday yesterday.

The haul included fixes for just two critical CVEs: impacting the Windows Kerberos authentication protocol and the Windows Hyper-V virtualization offering.

CVE-2024-20674 affects the former. It is a security feature bypass vulnerability with a CVSS score of 9.0, which could allow unauthorized exploitation of Kerberos authentication.

To exploit the bug, a threat actor would need to craft a machine-in-the-middle (MITM) attack or local network spoofing to pose as the Kerberos authentication server, and send a malicious message to the targeted machine, according to Action1 president, Mike Walters.

“According to the CVSS metric, the attack vector for this vulnerability is categorized as ‘adjacent’ (AV:A), indicating that the attacker must first gain access to a restricted network to launch the attack successfully,” he explained.

“Moreover, successful exploitation could result in a scope change (S:C). This indicates that the vulnerability’s impact extends beyond the security scope managed by the authority responsible for the affected component, affecting components managed by different security authorities.”

Read more on Patch Tuesday: Microsoft Fixes 34 CVEs and One Zero-Day in December Patch Tuesday

Although there’s no exploit code currently available, the bug is known to affect Windows 10, Windows 11, Windows Server 2019 and Windows Server 2022.

The second critical vulnerability, in Windows Hyper-V, is marked as CVE-2024-20700 and has a CVSS score of 7.5.

Although it could be exploited without any special privileges or user interaction, it requires a threat actor to first access a restricted network, and attack complexity is rated “high,” Walters claimed.

“This suggests that successful exploitation requires winning a race condition, necessitating precise manipulation of event timing and sequence to execute malicious code,” he added.

Saeed Abbasi, product manager for vulnerability research at the Qualys Threat Research Unit (TRU), also highlighted the “important” rated flaw CVE-2024-0056 as worthy of scrutiny by system administrators.

Successful exploitation of the security feature bypass vulnerability could enable a threat actor to carry out a MITM attack and decrypt and read or modify TLS traffic between client and server.

Although attack complexity is high, the threat is potentially significant for organizations.

“If exploited, this vulnerability could result in data breaches, compromise data integrity, and lead to unauthorized access to sensitive information,” explained Abbasi. “Strengthening network security to make MITM attacks more complex by using secure network protocols, monitoring network traffic for anomalies, and implementing robust firewall rules are recommended.”

Image credit: CHERRY.JUICE / Shutterstock.com

What’s hot on Infosecurity Magazine?