Skip to content

Patch Tuesday January 2024

Brock Bingham candid headshot
Brock Bingham|January 10, 2024
Image of a doctor's kit and bandaid.
Image of a doctor's kit and bandaid.

Welcome to the first Patch Tuesday of 2024. We’re two weeks into the new year, and I’ve already failed and forgotten most of my resolutions. Thankfully, however, my goal of impeccable patch management is still intact because Microsoft just dropped a fresh batch of updates that are ready to deploy — after thorough testing, of course. 😉

Let’s take a look at a few of the highlights.

  • Total exploits patched: 49

  • Critical patches: 2

  • Already known or exploited: 0

Some highlights (or lowlights)

  • CVE-2024-20674: Our first critical patch of 2024 comes in with a 9.0 CVSS rating. This vulnerability takes advantage of a Kerberos security feature bypass in which an attacker could utilize network spoofing techniques to send a malicious Kerberos message to a targeted machine.

  • CVE-2024-20700: This remote code execution vulnerability targeting Hyper-V received a critical rating, though the actual CVSS score only comes in at a 7.5. To take advantage of this vulnerability, an attack must launch from the same physical or logical network. The attack itself is very complex and relies on conditions outside the attacker’s control.

  • CVE-2024-0057: Our last highlight (or lowlight) has a severity rating of important, though the actual CVSS score is a 9.1. This vulnerability targets NET, .NET Framework, and Visual Studio, which increases the CVSS score because it impacts software libraries. With a network attack vector and a low complexity, I’d recommend testing and distributing this patch sooner rather than later.

Wrapping up

One Patch Tuesday down, eleven more to go in 2024. While most of my New Year’s resolutions didn’t make it more than 24 hours, were they really that important? I can always work on mental and physical health next year. Proper patch management, on the other hand, is not only crucial but also easily achievable thanks to PDQ Connect and PDQ Deploy & Inventory. But don’t take my word for it — discover how PDQ’s suite of products can revolutionize your patch management process with a 14-day free trial.


Loading...

Brock Bingham candid headshot
Brock Bingham

Born in the '80s and raised by his NES, Brock quickly fell in love with everything tech. With over 15 years of IT experience, Brock now enjoys the life of luxury as a renowned tech blogger and receiver of many Dundie Awards. In his free time, Brock enjoys adventuring with his wife, kids, and dogs, while dreaming of retirement.

Related articles