- One of my favorite foldables brings the flip phone back in the best way (and it's $200 off)
- I opened up a cheap 600W charger to test its build, and found 'goo' inside
- How to negotiate like a pro: 4 secrets to success
- One of the cheapest Android tablets I've ever tested replaced my iPad with no sweat
- I use this cheap Android tablet more than my iPad Pro - and don't regret it
VERT Threat Alert: January 2024 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s January 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1088 as soon as coverage is completed.
In-The-Wild & Disclosed CVEs
There were no in-the-wild or disclosed CVEs included in the January Patch Tuesday drop.
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis. Vulnerabilities are also colour coded to aid with identifying key issues.
- Traditional Software
- Mobile Software
- Cloud or Cloud Adjacent
- Vulnerabilities that are being exploited or that have been disclosed will be highlighted.
|
Tag |
CVE Count |
CVEs |
|
.NET Core & Visual Studio |
1 |
CVE-2024-20672 |
|
Windows Hyper-V |
2 |
CVE-2024-20699, CVE-2024-20700 |
|
Microsoft Devices |
1 |
CVE-2024-21325 |
|
Microsoft Identity Services |
1 |
CVE-2024-21319 |
|
Windows Cryptographic Services |
2 |
CVE-2024-20682, CVE-2024-21311 |
|
Remote Desktop Client |
1 |
CVE-2024-21307 |
|
Visual Studio |
1 |
CVE-2024-20656 |
|
Windows Common Log File System Driver |
1 |
CVE-2024-20653 |
|
Windows Collaborative Translation Framework |
1 |
CVE-2024-20694 |
|
Azure Storage Mover |
1 |
CVE-2024-20676 |
|
SQLite |
1 |
CVE-2022-35737 |
|
Windows Themes |
2 |
CVE-2024-20691, CVE-2024-21320 |
|
Microsoft Office SharePoint |
1 |
CVE-2024-21318 |
|
SQL Server |
1 |
CVE-2024-0056 |
|
Windows Cloud Files Mini Filter Driver |
1 |
CVE-2024-21310 |
|
Windows Win32 Kernel Subsystem |
1 |
CVE-2024-20686 |
|
Windows Kernel |
1 |
CVE-2024-20698 |
|
Microsoft Bluetooth Driver |
1 |
CVE-2024-21306 |
|
Windows Local Security Authority Subsystem Service (LSASS) |
1 |
CVE-2024-20692 |
|
Windows AllJoyn API |
1 |
CVE-2024-20687 |
|
Windows Nearby Sharing |
1 |
CVE-2024-20690 |
|
Microsoft Office |
1 |
CVE-2024-20677 |
|
Unified Extensible Firmware Interface |
1 |
CVE-2024-21305 |
|
Windows Subsystem for Linux |
1 |
CVE-2024-20681 |
|
Windows Scripting |
1 |
CVE-2024-20652 |
|
Windows ODBC Driver |
1 |
CVE-2024-20654 |
|
.NET Framework |
1 |
CVE-2024-21312 |
|
Windows Libarchive |
2 |
CVE-2024-20696, CVE-2024-20697 |
|
Windows Win32K |
1 |
CVE-2024-20683 |
|
.NET and Visual Studio |
1 |
CVE-2024-0057 |
|
Windows Authentication Methods |
1 |
CVE-2024-20674 |
|
Windows TCP/IP |
1 |
CVE-2024-21313 |
|
Windows Message Queuing |
6 |
CVE-2024-20680, CVE-2024-20660, CVE-2024-20661, CVE-2024-20663, CVE-2024-20664, CVE-2024-21314 |
|
Windows Group Policy |
1 |
CVE-2024-20657 |
|
Windows Server Key Distribution Service |
1 |
CVE-2024-21316 |
|
Windows Kernel-Mode Drivers |
1 |
CVE-2024-21309 |
|
Microsoft Virtual Hard Drive |
1 |
CVE-2024-20658 |
|
Windows BitLocker |
1 |
CVE-2024-20666 |
|
Microsoft Edge (Chromium-based) |
4 |
CVE-2024-0222, CVE-2024-0223, CVE-2024-0224, CVE-2024-0225 |
|
Windows Online Certificate Status Protocol (OCSP) SnapIn |
2 |
CVE-2024-20655, CVE-2024-20662 |
Other Information
At the time of publication, there were no new advisories included with the January Security Guidance.
