Welcome to the first Patch Tuesday of 2024. We’re two weeks into the new year, and I’ve already failed and forgotten most of my resolutions. Thankfully, however, my goal of impeccable patch management is still intact because Microsoft just dropped a fresh batch of updates that are ready to deploy — after thorough testing, of course. 😉
Let’s take a look at a few of the highlights.
Total vulnerabilities patched: 49
Critical patches: 2
Already known or exploited: 0
Some highlights (or lowlights)
CVE-2024-20674: Our first critical patch of 2024 comes in with a 9.0 CVSS rating. This vulnerability is a Kerberos security feature bypass in which an attacker could use network spoofing techniques to send a malicious Kerberos message to a targeted machine.
CVE-2024-20700: This remote code execution vulnerability targeting Hyper-V received a critical rating, though the actual CVSS score only comes in at a 7.5. To take advantage of this vulnerability, an attack must launch from the same physical or logical network. The attack itself is very complex and relies on conditions outside the attacker’s control.
CVE-2024-0057: Our last highlight (or lowlight) has a severity rating of important, though the actual CVSS score is a 9.1. This vulnerability targets .NET, .NET Framework, and Visual Studio, which increases the CVSS score because it impacts software libraries. With a network attack vector and a low complexity, I’d recommend testing and distributing this patch sooner rather than later.
One Patch Tuesday down, eleven more to go in 2024. While most of my New Year’s resolutions didn’t make it more than 24 hours, were they really that important? I can always work on mental and physical health next year. Proper patch management, on the other hand, is not only crucial but also easily achievable thanks to PDQ Connect and PDQ Deploy & Inventory. But don’t take my word for it — discover how PDQ’s suite of products can revolutionize your patch management process with a 14-day free trial.