- I recommend the Pixel 9 to most people looking to upgrade - especially while it's $250 off
- Google's viral research assistant just got its own app - here's how it can help you
- Sony will give you a free 55-inch 4K TV right now - but this is the last day to qualify
- I've used virtually every Linux distro, but this one has a fresh perspective
- The 7 gadgets I never travel without (and why they make such a big difference)
VERT Threat Alert: January 2024 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s January 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1088 as soon as coverage is completed.
In-The-Wild & Disclosed CVEs
There were no in-the-wild or disclosed CVEs included in the January Patch Tuesday drop.
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis. Vulnerabilities are also colour coded to aid with identifying key issues.
- Traditional Software
- Mobile Software
- Cloud or Cloud Adjacent
- Vulnerabilities that are being exploited or that have been disclosed will be highlighted.
|
Tag |
CVE Count |
CVEs |
|
.NET Core & Visual Studio |
1 |
CVE-2024-20672 |
|
Windows Hyper-V |
2 |
CVE-2024-20699, CVE-2024-20700 |
|
Microsoft Devices |
1 |
CVE-2024-21325 |
|
Microsoft Identity Services |
1 |
CVE-2024-21319 |
|
Windows Cryptographic Services |
2 |
CVE-2024-20682, CVE-2024-21311 |
|
Remote Desktop Client |
1 |
CVE-2024-21307 |
|
Visual Studio |
1 |
CVE-2024-20656 |
|
Windows Common Log File System Driver |
1 |
CVE-2024-20653 |
|
Windows Collaborative Translation Framework |
1 |
CVE-2024-20694 |
|
Azure Storage Mover |
1 |
CVE-2024-20676 |
|
SQLite |
1 |
CVE-2022-35737 |
|
Windows Themes |
2 |
CVE-2024-20691, CVE-2024-21320 |
|
Microsoft Office SharePoint |
1 |
CVE-2024-21318 |
|
SQL Server |
1 |
CVE-2024-0056 |
|
Windows Cloud Files Mini Filter Driver |
1 |
CVE-2024-21310 |
|
Windows Win32 Kernel Subsystem |
1 |
CVE-2024-20686 |
|
Windows Kernel |
1 |
CVE-2024-20698 |
|
Microsoft Bluetooth Driver |
1 |
CVE-2024-21306 |
|
Windows Local Security Authority Subsystem Service (LSASS) |
1 |
CVE-2024-20692 |
|
Windows AllJoyn API |
1 |
CVE-2024-20687 |
|
Windows Nearby Sharing |
1 |
CVE-2024-20690 |
|
Microsoft Office |
1 |
CVE-2024-20677 |
|
Unified Extensible Firmware Interface |
1 |
CVE-2024-21305 |
|
Windows Subsystem for Linux |
1 |
CVE-2024-20681 |
|
Windows Scripting |
1 |
CVE-2024-20652 |
|
Windows ODBC Driver |
1 |
CVE-2024-20654 |
|
.NET Framework |
1 |
CVE-2024-21312 |
|
Windows Libarchive |
2 |
CVE-2024-20696, CVE-2024-20697 |
|
Windows Win32K |
1 |
CVE-2024-20683 |
|
.NET and Visual Studio |
1 |
CVE-2024-0057 |
|
Windows Authentication Methods |
1 |
CVE-2024-20674 |
|
Windows TCP/IP |
1 |
CVE-2024-21313 |
|
Windows Message Queuing |
6 |
CVE-2024-20680, CVE-2024-20660, CVE-2024-20661, CVE-2024-20663, CVE-2024-20664, CVE-2024-21314 |
|
Windows Group Policy |
1 |
CVE-2024-20657 |
|
Windows Server Key Distribution Service |
1 |
CVE-2024-21316 |
|
Windows Kernel-Mode Drivers |
1 |
CVE-2024-21309 |
|
Microsoft Virtual Hard Drive |
1 |
CVE-2024-20658 |
|
Windows BitLocker |
1 |
CVE-2024-20666 |
|
Microsoft Edge (Chromium-based) |
4 |
CVE-2024-0222, CVE-2024-0223, CVE-2024-0224, CVE-2024-0225 |
|
Windows Online Certificate Status Protocol (OCSP) SnapIn |
2 |
CVE-2024-20655, CVE-2024-20662 |
Other Information
At the time of publication, there were no new advisories included with the January Security Guidance.
