CVE-2024-20674 & 20700: Two Critical Flaws in Microsoft Patch Tuesday January 2024
The start of 2024 marked a significant milestone for Microsoft as it launched its first Patch Tuesday update of the year. This release was a comprehensive attempt to fortify the digital ramparts, addressing 49 security defects across various Windows OS and software components. Remarkably, the update included fixes for multiple Chromium bugs, elevating the total number of CVEs addressed to 53.
In this latest update, Microsoft identified two patches as ‘Critical’ and 47 as ‘Important’. A noteworthy aspect of this Patch Tuesday release was that none of the CVEs were known publicly or under active attack at the time of release. This proactive approach highlights Microsoft’s dedication to staying ahead of potential cybersecurity threats.
Spotlight on Key Vulnerabilities
1. CVE-2024-20674 (CVSS 9.0) – Kerberos Security Feature Bypass: Topping the list with the highest CVSS rating this month, this vulnerability in Windows Kerberos could enable an unauthenticated attacker to execute a machine-in-the-middle (MitM) attack, spoofing a Kerberos server. Microsoft anticipates potential public exploit code within 30 days, underscoring the urgency of this patch.
“An authenticated attacker could exploit this vulnerability by establishing a machine-in-the-middle (MITM) attack or other local network spoofing technique, then sending a malicious Kerberos message to the client victim machine to spoof itself as the Kerberos authentication server,” reads the CVE-2024-20674 bulletin.
2. CVE-2024-20700 (CVSS 7.5) – Windows Hyper-V Remote Code Execution: Another critical patch, this vulnerability does not require authentication or user interaction, making it particularly attractive to exploit writers. The nature of the exploit, involving a race condition, has been seen in successful Pwn2Own contest exploits, adding to its notoriety.
3. CVE-2024-0056 (CVSS 8.7)- SQL Data Provider Security Feature Bypass: This vulnerability affects Microsoft.Data.SqlClient and System.Data.SqlClient, allowing an MITM attacker to decrypt, read, or modify TLS traffic. Full protection requires additional steps beyond the patch, including loading specific NuGet packages, demonstrating the layered approach needed for comprehensive security.