Microsoft Kicks Off 2024 with a Whopper of a Patch Tuesday: A Hilariously Geeky Breakdown

Kicking off 2024 with a bang, Microsoft tackled 49 vulnerabilities on its first Patch Tuesday of the year. While only two were critical, remember that in the realm of cybersecurity, each flaw could be a cybercriminal’s golden ticket. So, let’s peel back the curtain on this month’s Microsoft Patch Tuesday Vulnerabilities. Stay secure, folks!

Hot Take:

Seems like the folks at Microsoft decided to start 2024 with a bang – or rather, a patch. A whopping 49 flaws fixed and 12 remote code executions dealt with, that’s not your regular Tuesday. Given that only two of these were classified as critical, I’d say we’re off to a decent start this year. However, do remember, in the world of cybersecurity, every flaw is a potential invitation to those with nefarious intents. So let’s dive into the geeky nitty-gritty of this Patch Tuesday.

Key Points:

  • Microsoft’s January 2024 Patch Tuesday addressed a total of 49 vulnerabilities, including 12 remote code execution flaws.
  • Only two vulnerabilities were classified as critical: a Windows Kerberos Security Feature Bypass and a Hyper-V RCE.
  • Among the bugs fixed, there were 10 Elevation of Privilege, 7 Security Feature Bypass, 11 Information Disclosure, 6 Denial of Service, and 3 Spoofing vulnerabilities.
  • Microsoft also fixed an Office Remote Code Execution Vulnerability (CVE-2024-20677) that could allow an attacker to execute malicious code via Office documents with embedded FBX 3D model files.
  • Other companies, including Cisco, Google, Ivanti, and SAP, also released security updates in January 2024.

Need to know more?

More than meets the eye

Among the myriad of bugs squashed, one stands out - a rather impressive Office Remote Code Execution Vulnerability which allowed threat actors to execute remote codes using Office documents with embedded 3D model files. As of now, Microsoft has disabled the ability to insert these specific files in Word, Excel, PowerPoint, and Outlook for Windows and Mac.

Kerberos, the three-headed bug

Another critical bug making headlines is the Windows Kerberos bug (CVE-2024-20674), which if left unattended could bypass the authentication feature. This would essentially allow an attacker to pose as the Kerberos authentication server – a kind of wolf in sheep's clothing scenario. Thankfully, this bug has been put to rest.

Not just Microsoft

It seems Microsoft wasn't the only one playing whack-a-mole with bugs, as other companies also released security updates. Cisco tackled a privilege elevation flaw in the Cisco Identity Services Engine. Google released Android's January 2024 security updates. Ivanti patched a critical remote code execution vulnerability in its Endpoint Management software. SAP too rolled out its January 2024 Patch Day updates. And let's not forget the new KyberSlash attack threatening numerous Quantum encryption projects.

Keeping score

While it's great to see Microsoft and other tech giants working tirelessly to secure their software, remember that the battle against cyber threats is ongoing. Stay vigilant, stay updated, and remember to patch, patch, patch!
Tags: Critical Flaws, Cybersecurity Updates, Microsoft Edge, Microsoft Patch Tuesday, Office Security Features, Remote Code Execution Vulnerabilities, Windows Kerberos