In January 2024, Microsoft rolled out a security update patching a total of 49 flaws in its products, including two critical vulnerabilities. The update also addressed issues in five non-Microsoft products.
Highlights of the Patch
The most severe vulnerabilities patched by Microsoft included two critical ones that could potentially bypass security features. These flaws, identified as CVE-2024-20674 and CVE-2024-20700, require immediate attention due to their serious implications.
Detailed Vulnerability Breakdown
The vulnerabilities spanned various categories, including remote code execution, security feature bypass, and elevation of privilege, among others. The patched issues affected a range of products from Microsoft’s portfolio, such as Microsoft Server, Visual Studio, and the .NET framework. A critical severity and a security feature bypass vulnerability impacting the .NET Framework and Visual Studio drew particular concern.
Microsoft highlighted that nine of the addressed vulnerabilities were at higher risk of exploitation, with severity ratings between 7.5 and 9. Notably, there were no instances of public exploitation for the vulnerabilities covered in the patch, which also remedied five additional security flaws in non-Microsoft products.
Microsoft urges users to install the latest updates to protect against potential exploitations by cyber attackers. The company has provided a comprehensive list of the patched vulnerabilities, offering insights into exploit techniques and in-depth descriptions.