- Get the AirPods Pro 2 for $60 off ahead of October Prime Day
- Best early anti-Prime Day deals to shop in October 2024
- 5 hurricane-tracking apps I rely on as a Floridian tech pro - and which one is my favorite
- Best Prime Day deals under $100 to shop in October 2024
- One of the most reliable power banks I've tested is not made by Anker or Baseus
VERT Threat Alert: January 2024 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s January 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1088 as soon as coverage is completed.
In-The-Wild & Disclosed CVEs
There were no in-the-wild or disclosed CVEs included in the January Patch Tuesday drop.
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis. Vulnerabilities are also colour coded to aid with identifying key issues.
- Traditional Software
- Mobile Software
- Cloud or Cloud Adjacent
- Vulnerabilities that are being exploited or that have been disclosed will be highlighted.
|
Tag |
CVE Count |
CVEs |
|
.NET Core & Visual Studio |
1 |
CVE-2024-20672 |
|
Windows Hyper-V |
2 |
CVE-2024-20699, CVE-2024-20700 |
|
Microsoft Devices |
1 |
CVE-2024-21325 |
|
Microsoft Identity Services |
1 |
CVE-2024-21319 |
|
Windows Cryptographic Services |
2 |
CVE-2024-20682, CVE-2024-21311 |
|
Remote Desktop Client |
1 |
CVE-2024-21307 |
|
Visual Studio |
1 |
CVE-2024-20656 |
|
Windows Common Log File System Driver |
1 |
CVE-2024-20653 |
|
Windows Collaborative Translation Framework |
1 |
CVE-2024-20694 |
|
Azure Storage Mover |
1 |
CVE-2024-20676 |
|
SQLite |
1 |
CVE-2022-35737 |
|
Windows Themes |
2 |
CVE-2024-20691, CVE-2024-21320 |
|
Microsoft Office SharePoint |
1 |
CVE-2024-21318 |
|
SQL Server |
1 |
CVE-2024-0056 |
|
Windows Cloud Files Mini Filter Driver |
1 |
CVE-2024-21310 |
|
Windows Win32 Kernel Subsystem |
1 |
CVE-2024-20686 |
|
Windows Kernel |
1 |
CVE-2024-20698 |
|
Microsoft Bluetooth Driver |
1 |
CVE-2024-21306 |
|
Windows Local Security Authority Subsystem Service (LSASS) |
1 |
CVE-2024-20692 |
|
Windows AllJoyn API |
1 |
CVE-2024-20687 |
|
Windows Nearby Sharing |
1 |
CVE-2024-20690 |
|
Microsoft Office |
1 |
CVE-2024-20677 |
|
Unified Extensible Firmware Interface |
1 |
CVE-2024-21305 |
|
Windows Subsystem for Linux |
1 |
CVE-2024-20681 |
|
Windows Scripting |
1 |
CVE-2024-20652 |
|
Windows ODBC Driver |
1 |
CVE-2024-20654 |
|
.NET Framework |
1 |
CVE-2024-21312 |
|
Windows Libarchive |
2 |
CVE-2024-20696, CVE-2024-20697 |
|
Windows Win32K |
1 |
CVE-2024-20683 |
|
.NET and Visual Studio |
1 |
CVE-2024-0057 |
|
Windows Authentication Methods |
1 |
CVE-2024-20674 |
|
Windows TCP/IP |
1 |
CVE-2024-21313 |
|
Windows Message Queuing |
6 |
CVE-2024-20680, CVE-2024-20660, CVE-2024-20661, CVE-2024-20663, CVE-2024-20664, CVE-2024-21314 |
|
Windows Group Policy |
1 |
CVE-2024-20657 |
|
Windows Server Key Distribution Service |
1 |
CVE-2024-21316 |
|
Windows Kernel-Mode Drivers |
1 |
CVE-2024-21309 |
|
Microsoft Virtual Hard Drive |
1 |
CVE-2024-20658 |
|
Windows BitLocker |
1 |
CVE-2024-20666 |
|
Microsoft Edge (Chromium-based) |
4 |
CVE-2024-0222, CVE-2024-0223, CVE-2024-0224, CVE-2024-0225 |
|
Windows Online Certificate Status Protocol (OCSP) SnapIn |
2 |
CVE-2024-20655, CVE-2024-20662 |
Other Information
At the time of publication, there were no new advisories included with the January Security Guidance.
