Patch Tuesday January 2024: A New Year with Room to Breath and Plan
By Lewis Pope
With 2023 in the rearview mirror we have entered a new year that brings new opportunities and adventures, as well as the end of support for a number of Microsoft products. With the unusually low number of vulnerabilities that are being addressed by Microsoft this month, you should use any extra bandwidth this gives you to look ahead plan ahead. Your customers will need to plan and budget for migrations or decommissioning of any systems or services that are falling off the Microsoft support cliff.
It can be much easier to explain to a client why they should be looking to replace a piece of infrastructure that will be losing support in a few months in order to maintain a healthy risk profile, rather than trying to explain why they need to replace a piece of infrastructure that has been out of support for months but has been working just fine with no interruptions to productivity.
Microsoft Vulnerabilities
Microsoft addressed 49 vulnerabilities this month, no zero-days and no vulnerabilities under active exploitation. There are also only two critical vulnerabilities and nine designated as exploitation more likely, which is keeping the prioritization list. The trend of addressing vulnerabilities in new parts of the Windows ecosystem that do not typically show in the Patch Tuesday release notes has continued this month. One in particular involves the Microsoft Printer Metadata Troubleshooter Tool from last month.
CVE-2024-21325 is addressed by an update to the Microsoft Printer Metadata Troubleshooter Tool that was originally released in December 2023. This tool was released by Microsoft to address an issue with printers displaying as HP LasterJet M101-M106 and losing functionality on Windows 10 systems. If you have been using this tool it’s advised by Microsoft to delete the old one and download the new version from the Microsoft Download Center. While details are lite on the vulnerability, it does rank High on impact to Confidentiality, Integrity, and Availability as it requires no special privileges for exploitation making it easy for an attacker to compromise a system.
CVE-2024-20666 will be the challenge for many sysadmins and security teams this month. This Bitlocker security feature bypass vulnerability allows an attacker with physical possession of a Bitlocker encrypted drive to gain access to the encrypted data. There is no publicly disclosed use of this vulnerability and exploitation is deemed as less likely but anyone in regulated industries, such as medical, will need to take note. Make sure you review if any of your deployed Windows systems are affected by this vulnerability, and review the additional mitigation measures that may need to be taken as advised by Microsoft.
Microsoft Patch Tuesday Vulnerability Prioritization
Addressing vulnerabilities effectively requires a mix of adhering to established best practices and leveraging informed judgment. While it’s a natural instinct to rank vulnerabilities with critical severity ratings higher on the list of things that need to be addressed, relying on severity ratings alone can be limiting. An often-overlooked component is temporal metrics, which provide a measure of the window of vulnerability—the time from initial vulnerability discovery to the availability and application of the patch. This is essential as the longer a vulnerability exists without a fix, the greater the potential for exploitation. By integrating temporal metrics into the risk evaluation process, organizations can gain a more comprehensive understanding of the threat landscape and potential attack vectors, ensuring that they don’t leave themselves open to unnecessary risks.
Table Key: Severity: C = Critical, I = Important, M = Moderate, R = Re-issue; Status: EML = Exploitation More Likely, ELL = Exploitation Less Likely, ED = Exploitation Detected, N/A = Not Available
|
CVE Number |
CVE Title |
Severity |
Status |
|
Windows Kerberos Security Feature Bypass Vulnerability |
EML |
C |
|
|
Microsoft SharePoint Server Remote Code Execution Vulnerability |
EML |
I |
|
|
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
EML |
I |
|
|
Remote Desktop Client Remote Code Execution Vulnerability |
EML |
I |
|
|
Windows Kernel Elevation of Privilege Vulnerability |
EML |
I |
|
|
Win32k Elevation of Privilege Vulnerability |
EML |
I |
|
|
Win32k Elevation of Privilege Vulnerability |
EML |
I |
|
|
Microsoft Common Log File System Elevation of Privilege Vulnerability |
EML |
I |
|
|
Windows HTML Platforms Security Feature Bypass Vulnerability |
EML |
I |
|
|
Windows Hyper-V Remote Code Execution Vulnerability |
ELL |
C |
Summary
As always make sure you have established patching processes for evaluation, testing and pushing into production. If you have traditionally only dealt with patches by applying them based on their severity consider including prioritization of patches for Zero-Days, Exploitation Detected and Exploitation More Likely vulnerabilities in your Patch Management routines.
Looking for more blogs on patching, or looking for previous Microsoft Patch Tuesday Reviews, then check out this section of our blog.
Lewis Pope is the Head Security Nerd at N‑able. You can follow him on Twitter: @cybersec_nerd
LinkedIn: thesecuritypope
Twitch: cybersec_nerd
© N‑able Solutions ULC e N‑able Technologies Ltd. Tutti i diritti riservati.
Il presente documento viene fornito per puro scopo informativo e i suoi contenuti non vanno considerati come una consulenza legale. N‑able non rilascia alcuna garanzia, esplicita o implicita, né si assume alcuna responsabilità legale per quanto riguarda l’accuratezza, la completezza o l’utilità delle informazioni qui contenute.
N-ABLE, N-CENTRAL e gli altri marchi e loghi di N‑able sono di esclusiva proprietà di N‑able Solutions ULC e N‑able Technologies Ltd. e potrebbero essere marchi di common law, marchi registrati o in attesa di registrazione presso l’Ufficio marchi e brevetti degli Stati Uniti e di altri paesi. Tutti gli altri marchi menzionati qui sono utilizzati esclusivamente a scopi identificativi e sono marchi (o potrebbero essere marchi registrati) delle rispettive aziende.