REDLEGG BLOG

Patch Tuesday - January 2024

1/9/24 4:14 PM  |  by RedLegg Blog

*Important note: These are not the only vulnerabilities that were recently released; however, these are the vulnerabilities RedLegg has identified as critical and that require immediate attention. Vulnerabilities are indexed in order according to evidence of active exploitation and level of severity.

VULNERABILITIES

.NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability

Identifier: CVE-2024-0057 
Exploit or POC: No
Update Guide: CVE-2024-0057 – Security Update Guide

Description: CVE-2024-0057 is a security feature bypass. Authentication and user interaction are not required for successful exploitation. An adversary could create specially crafted X.509 certificates that trigger a chain building failure. The flaw is exposed when Microsoft .NET Framework-based applications use X.509 chain building APIs but, because of a logic flaw, do not completely validate the X.509 certificate.

Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2024-0057 – Security Update Guide.

 

Windows Kerberos Security Feature Bypass Vulnerability

Identifier: CVE-2024-20674
Exploit or POC: No
Update Guide: CVE-2024-20674 – Security Update Guide

Description: CVE-2024-20674 is a security feature bypass. Authentication and user interaction are not required for successful exploitation. An adversary can exploit this vulnerability by carrying out a machine-in-the-middle (MITM) attack or other local network spoofing technique, then sending a malicious Kerberos message to the victim client machine to spoof the Kerberos authentication server.

Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2024-20674 – Security Update Guide.

 

Microsoft SharePoint Server Remote Code Execution Vulnerability

Identifier: CVE-2024-21318
Exploit or POC: No
Update Guide: CVE-2024-21318 – Security Update Guide

Description: CVE-2024-21318 allows for remote code execution. Authentication is required for successful exploitation. This vulnerability does not require user interaction. Successful exploitation could allow an adversary with Site Owner permissions to inject arbitrary code and execute it remotely on the SharePoint Server.

Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2024-21318 – Security Update Guide.

 

Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability

Identifier: CVE-2024-0056
Exploit or POC: No
Update Guide: CVE-2024-0056 – Security Update Guide

Description: CVE-2024-0056 is a security feature bypass. User interaction is not required to successfully exploit this vulnerability. Successful exploitation allows an adversary to carry out a machine-in-the-middle (MITM) attack and could allow them to decrypt, read, or modify TLS traffic between the client and server.

Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2024-0056 – Security Update Guide.

 

Microsoft ODBC Driver Remote Code Execution Vulnerability

Identifier: CVE-2024-20654
Exploit or POC: No
Update Guide: CVE-2024-20654 – Security Update Guide

Description: CVE-2024-20654 allows for remote code execution. Authentication and user interaction are required to successfully exploit this vulnerability. Successful exploitation could allow an adversary to employ social engineering techniques to convince a user to connect to a malicious SQL server via ODBC, thereby resulting in the client receiving a malicious networking packet. This could allow the adversary to execute code remotely on the client.

Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2024-20654 – Security Update Guide.

 

Azure Storage Mover Remote Code Execution Vulnerability

Identifier: CVE-2024-20676
Exploit or POC: No
Update Guide: CVE-2024-20676 – Security Update Guide

Description: CVE-2024-20676 allows for remote code execution. User interaction is not required to successfully exploit this vulnerability. Successful exploitation could allow an adversary to gain access to the installed agent and execute code remotely.

Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2024-20676 – Security Update Guide.
