- 세일즈포스AI의 CEO 클라라 시, 20개월 만에 사임
- 기업에 'AI 윤리 전문가'가 필요할까?
- This 'lifelike' AI granny is infuriating phone scammers. Here's how - and why
- Upgrade to Windows 11 Pro for $18 - the lowest price this year
- One of the most reliable power banks I've tested can even inflate car tires (and get 50% off in this Black Friday deal)
VERT Threat Alert: January 2024 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s January 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1088 as soon as coverage is completed.
In-The-Wild & Disclosed CVEs
There were no in-the-wild or disclosed CVEs included in the January Patch Tuesday drop.
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis. Vulnerabilities are also colour coded to aid with identifying key issues.
- Traditional Software
- Mobile Software
- Cloud or Cloud Adjacent
- Vulnerabilities that are being exploited or that have been disclosed will be highlighted.
|
Tag |
CVE Count |
CVEs |
|
.NET Core & Visual Studio |
1 |
CVE-2024-20672 |
|
Windows Hyper-V |
2 |
CVE-2024-20699, CVE-2024-20700 |
|
Microsoft Devices |
1 |
CVE-2024-21325 |
|
Microsoft Identity Services |
1 |
CVE-2024-21319 |
|
Windows Cryptographic Services |
2 |
CVE-2024-20682, CVE-2024-21311 |
|
Remote Desktop Client |
1 |
CVE-2024-21307 |
|
Visual Studio |
1 |
CVE-2024-20656 |
|
Windows Common Log File System Driver |
1 |
CVE-2024-20653 |
|
Windows Collaborative Translation Framework |
1 |
CVE-2024-20694 |
|
Azure Storage Mover |
1 |
CVE-2024-20676 |
|
SQLite |
1 |
CVE-2022-35737 |
|
Windows Themes |
2 |
CVE-2024-20691, CVE-2024-21320 |
|
Microsoft Office SharePoint |
1 |
CVE-2024-21318 |
|
SQL Server |
1 |
CVE-2024-0056 |
|
Windows Cloud Files Mini Filter Driver |
1 |
CVE-2024-21310 |
|
Windows Win32 Kernel Subsystem |
1 |
CVE-2024-20686 |
|
Windows Kernel |
1 |
CVE-2024-20698 |
|
Microsoft Bluetooth Driver |
1 |
CVE-2024-21306 |
|
Windows Local Security Authority Subsystem Service (LSASS) |
1 |
CVE-2024-20692 |
|
Windows AllJoyn API |
1 |
CVE-2024-20687 |
|
Windows Nearby Sharing |
1 |
CVE-2024-20690 |
|
Microsoft Office |
1 |
CVE-2024-20677 |
|
Unified Extensible Firmware Interface |
1 |
CVE-2024-21305 |
|
Windows Subsystem for Linux |
1 |
CVE-2024-20681 |
|
Windows Scripting |
1 |
CVE-2024-20652 |
|
Windows ODBC Driver |
1 |
CVE-2024-20654 |
|
.NET Framework |
1 |
CVE-2024-21312 |
|
Windows Libarchive |
2 |
CVE-2024-20696, CVE-2024-20697 |
|
Windows Win32K |
1 |
CVE-2024-20683 |
|
.NET and Visual Studio |
1 |
CVE-2024-0057 |
|
Windows Authentication Methods |
1 |
CVE-2024-20674 |
|
Windows TCP/IP |
1 |
CVE-2024-21313 |
|
Windows Message Queuing |
6 |
CVE-2024-20680, CVE-2024-20660, CVE-2024-20661, CVE-2024-20663, CVE-2024-20664, CVE-2024-21314 |
|
Windows Group Policy |
1 |
CVE-2024-20657 |
|
Windows Server Key Distribution Service |
1 |
CVE-2024-21316 |
|
Windows Kernel-Mode Drivers |
1 |
CVE-2024-21309 |
|
Microsoft Virtual Hard Drive |
1 |
CVE-2024-20658 |
|
Windows BitLocker |
1 |
CVE-2024-20666 |
|
Microsoft Edge (Chromium-based) |
4 |
CVE-2024-0222, CVE-2024-0223, CVE-2024-0224, CVE-2024-0225 |
|
Windows Online Certificate Status Protocol (OCSP) SnapIn |
2 |
CVE-2024-20655, CVE-2024-20662 |
Other Information
At the time of publication, there were no new advisories included with the January Security Guidance.
