Microsoft released its first Patch Tuesday update of 2024, in which 49 vulnerabilities were fixed in Microsoft products and 5 vulnerabilities in non-Microsoft products. Among these 49 vulnerabilities, there were 12 remote code execution vulnerabilities.
However, only two vulnerabilities were categorized as critical by Microsoft, which were CVE-2024-20674 and CVE-2024-20700. These two vulnerabilities were found to be related to the security feature bypass.
Vulnerability Analysis
According to the reports shared with Cyber Security News, several vulnerabilities existed in different Microsoft products, including Microsoft Server, .NET Framework, Azure Storage Movement, Visual Studio, Identity Model, Microsoft Office, and many others.
The vulnerabilities were categorized as the following:
- Elevation of Privilege (10)
- Security Feature Bypass (7)
- Denial of Service (6)
- Remote Code Execution (12)
- Spoofing (3) and
- Information Disclosure (11)
Moreover, of the two critical vulnerabilities stated by Microsoft, CVE-2024-20674 was associated with the Windows Kerberos Security Feature Bypass, and CVE-2024-20700 was related to remote code execution in Windows Hyper-V.
In addition, there was another critical severity vulnerability with CVE-2024-0057 and another security feature bypass vulnerability affecting the .NET Framework and Visual Studio.
Furthermore, Microsoft also stated that nine of these 49 vulnerabilities are more likely to be exploited by threat actors. The severity of these vulnerabilities ranges between 7.5 (high) and 9 (critical). They are,
However, there were no publicly exploited vulnerabilities in the patched list. The five other non-Microsoft vulnerabilities belong to SQLite (owned by MITRE corporation) and Google Chrome, as per the Microsoft release notes for Jan 2024.
Microsoft has published a complete list of patched vulnerabilities, which provides detailed information about the exploitation methods, vulnerability descriptions, and other information. All users should update their products to the latest version to prevent these vulnerabilities from being exploited by threat actors.