Microsoft January 2024 Security update
CVE-2024-20674, CVE-2024-0057 and CVE-2024-20677
Microsoft published their January 2024 security update with patches for 48 vulnerabilities. Among these vulnerabilities, Arctic Wolf has highlighted 3 in this blog that were categorized as either critical or high severity. There is no available evidence to suggest that these vulnerabilities have been actively exploited in the wild.
Impacted Product: Windows
| Impacted Versions |
| Windows Server 2008 R2 Service Pack 1, Windows Server 2008 Service Pack 2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows Server 2022, Windows Server 2022, 23H2 Edition |
| Windows 10, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 Version 21H2, Windows 11 Version 22H2, Windows 11 Version 23H2 |
Vulnerabilities Impacting Windows:
| CVE-2024-20674 | CVSS: 9.0 – Critical MS Max Severity: Critical | No exploitation observed |
| Security Feature Bypass – An unauthorized threat actor could exploit this vulnerability by executing a machine-in-the-middle (MITM) attack or employing other local network spoofing techniques. In doing so, they could send a malicious Kerberos message to the targeted client machine, tricking it into believing that the threat actor’s machine is the legitimate Kerberos authentication server. Note: For this vulnerability to be exploitable a threat actor must first gain access to the restricted network. | ||
Impacted Product: Visual Studio and .NET Framework
| Impacted Versions |
| Visual Studio 2022 |
| .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, 4.8.1; .NET Framework 3.0 Service Pack 2; .NET Framework 2.0 Service Pack 2; and .NET 6.0, 7.0, 8.0 |
Vulnerabilities Impacting Visual Studio and .NET Framework:
| CVE-2024-0057 | CVSS: 9.1 – Critical MS Max Severity: Important | No exploitation observed |
| Security Feature Bypass – A flaw in Microsoft .NET Framework’s X.509 chain building APIs allows threat actors to present invalid certificates, triggering a bug. Applications relying on this inaccurate reason code may misinterpret the failure as a successful chain build, allowing threat actors to bypass normal authentication logic. | ||
Impacted Product: Microsoft Office and 365 Apps for Enterprise
| Impacted Versions |
| Microsoft Office LTSC and 2019 |
| Microsoft 365 Apps for Enterprise |
Vulnerabilities Impacting Microsoft Office and 365 Apps for Enterprise
| CVE-2024-20677 | CVSS: 7.8 – High MS Max Severity: Important | No exploitation observed |
| Remote Code Execution – To successfully exploit this vulnerability and achieve remote code execution, a threat actor would need to generate specially crafted Office documents with embedded FBX 3D model files. Note: The security update for Microsoft Office 2021 for Mac is not currently available at the time of writing. Microsoft states the update will be released as soon as possible and customers will be notified. | ||
Recommendations
Recommendation: Apply Security Updates to Impacted Products
Arctic Wolf strongly recommends applying the available security updates to all impacted products to prevent potential exploitation of these vulnerabilities.
| Product | CVE | Update |
| Windows Server 2012 R2 | CVE-2024-20674, CVE-2024-0057 | 5034171, 5034279 |
| Windows Server 2012 | CVE-2024-20674, CVE-2024-0057 | 5034184, 5034278 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | CVE-2024-20674, CVE-2024-0057 | 5034169, 5034167, 5034277 |
| Windows Server 2008 for 32-bit and x64-based Systems Service Pack 2 | CVE-2024-20674, CVE-2024-0057 | 5034173, 5034176, 5034280, 5034270 |
| Windows Server 2016 | CVE-2024-20674, CVE-2024-0057 | 5034119, 5033910 |
| Windows 10 Version 1607 for x64-based and 32-bit Systems | CVE-2024-20674, CVE-2024-0057 | 5034119, 5033910 |
| Windows 10 for x64-based Systems and 32-bit Systems | CVE-2024-20674 | 5034134 |
| Windows Server 2022, 23H2 Edition | CVE-2024-20674 | 5034130 |
| Windows 11 Version 23H2 for x64-based and ARM64-based Systems | CVE-2024-0057 | 5033920 |
| Windows 11 Version 22H2 ARM64-based Systems and x64-based Systems | CVE-2024-20674 | 5034123 |
| Windows 11 Version 23H2 for ARM64-based Systems and x64-based Systems | CVE-2024-20674 | 5034123 |
| Windows 10 Version 21H2 for 32-bit Systems, ARM64-based Systems, and x64-based Systems | CVE-2024-20674, CVE-2024-0057 | 5034122, 5034274, 5034275 |
| Windows 10 Version 22H2 for x64-based Systems | CVE-2024-20674, CVE-2024-0057 | 5034122, 5034274, 5034275 |
| Windows 10 Version 22H2 for 32-bit Systems | CVE-2024-20674, CVE-2024-0057 | 5034275, 5034122, 5034274 |
| Windows 10 Version 22H2 for ARM64-based Systems | CVE-2024-20674, CVE-2024-0057 | 5033920, 5034122, 5034274, 5034275 |
| Windows 11 version 21H2 for ARM64-based Systems x64-based Systems | CVE-2024-20674, CVE-2024-0057 | 5034121, 5034276 |
| Windows Server 2022 | CVE-2024-20674, CVE-2024-0057 | 5034129, 5034272 |
| Windows Server 2019 | CVE-2024-20674, CVE-2024-0057 | 5034127, 5034273 |
| Windows 10 Version 1809 for 32-bit Systems, ARM64-based Systems, and x64-based Systems | CVE-2024-20674, CVE-2024-0057 | 5034127, 5034273 |
| Microsoft Office LTSC 2021 for 32-bit and 64-bit editions | CVE-2024-20677 | Release notes |
| Microsoft Office LTSC for Mac 2021 | CVE-2024-20677 | Update not available |
| Microsoft 365 Apps for Enterprise for 32-bit and 64-bit Systems | CVE-2024-20677 | Release notes |
| Microsoft Office 2019 for 32-bit and 64-bit editions | CVE-2024-20677 | Release notes |
| Microsoft Visual Studio 2022 version 17.8 | CVE-2024-0057 | Release Notes |
| Microsoft Visual Studio 2022 version 17.6 | CVE-2024-0057 | Release Notes |
| Microsoft Visual Studio 2022 version 17.4 | CVE-2024-0057 | Release Notes |
| Microsoft Visual Studio 2022 version 17.2 | CVE-2024-0057 | Release Notes |
| .NET 6.0 | CVE-2024-0057 | 5033733 |
| .NET 7.0 | CVE-2024-0057 | 5033734 |
| .NET 8.0 | CVE-2024-0057 | 5033741 |
Note: Please follow your organization’s patching and testing guidelines to avoid any operational impact.
On January 9, 2024, Microsoft published their January 2024 security update with patches for 48 vulnerabilities. Among these vulnerabilities, Arctic Wolf has highlighted 3 in this blog that were categorized as either critical or high severity. There is no available evidence to suggest that these vulnerabilities have been actively exploited in the wild.
Impacted Product: Windows
| Impacted Versions |
| Windows Server 2008 R2 Service Pack 1, Windows Server 2008 Service Pack 2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows Server 2022, Windows Server 2022, 23H2 Edition |
| Windows 10, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 Version 21H2, Windows 11 Version 22H2, Windows 11 Version 23H2 |
Vulnerabilities Impacting Windows:
| CVE-2024-20674 | CVSS: 9.0 – Critical MS Max Severity: Critical | No exploitation observed |
| Security Feature Bypass – An unauthorized threat actor could exploit this vulnerability by executing a machine-in-the-middle (MITM) attack or employing other local network spoofing techniques. In doing so, they could send a malicious Kerberos message to the targeted client machine, tricking it into believing that the threat actor’s machine is the legitimate Kerberos authentication server. Note: For this vulnerability to be exploitable a threat actor must first gain access to the restricted network. | ||
Impacted Product: Visual Studio and .NET Framework
| Impacted Versions |
| Visual Studio 2022 |
| .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, 4.8.1; .NET Framework 3.0 Service Pack 2; .NET Framework 2.0 Service Pack 2; and .NET 6.0, 7.0, 8.0 |
Vulnerabilities Impacting Visual Studio and .NET Framework:
| CVE-2024-0057 | CVSS: 9.1 – Critical MS Max Severity: Important | No exploitation observed |
| Security Feature Bypass – A flaw in Microsoft .NET Framework’s X.509 chain building APIs allows threat actors to present invalid certificates, triggering a bug. Applications relying on this inaccurate reason code may misinterpret the failure as a successful chain build, allowing threat actors to bypass normal authentication logic. | ||
Impacted Product: Microsoft Office and 365 Apps for Enterprise
| Impacted Versions |
| Microsoft Office LTSC and 2019 |
| Microsoft 365 Apps for Enterprise |
Vulnerabilities Impacting Microsoft Office and 365 Apps for Enterprise
| CVE-2024-20677 | CVSS: 7.8 – High MS Max Severity: Important | No exploitation observed |
| Remote Code Execution – To successfully exploit this vulnerability and achieve remote code execution, a threat actor would need to generate specially crafted Office documents with embedded FBX 3D model files. Note: The security update for Microsoft Office 2021 for Mac is not currently available at the time of writing. Microsoft states the update will be released as soon as possible and customers will be notified. | ||
Recommendations
Recommendation: Apply Security Updates to Impacted Products
Arctic Wolf strongly recommends applying the available security updates to all impacted products to prevent potential exploitation of these vulnerabilities.
| Product | CVE | Update |
| Windows Server 2012 R2 | CVE-2024-20674, CVE-2024-0057 | 5034171, 5034279 |
| Windows Server 2012 | CVE-2024-20674, CVE-2024-0057 | 5034184, 5034278 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | CVE-2024-20674, CVE-2024-0057 | 5034169, 5034167, 5034277 |
| Windows Server 2008 for 32-bit and x64-based Systems Service Pack 2 | CVE-2024-20674, CVE-2024-0057 | 5034173, 5034176, 5034280, 5034270 |
| Windows Server 2016 | CVE-2024-20674, CVE-2024-0057 | 5034119, 5033910 |
| Windows 10 Version 1607 for x64-based and 32-bit Systems | CVE-2024-20674, CVE-2024-0057 | 5034119, 5033910 |
| Windows 10 for x64-based Systems and 32-bit Systems | CVE-2024-20674 | 5034134 |
| Windows Server 2022, 23H2 Edition | CVE-2024-20674 | 5034130 |
| Windows 11 Version 23H2 for x64-based and ARM64-based Systems | CVE-2024-0057 | 5033920 |
| Windows 11 Version 22H2 ARM64-based Systems and x64-based Systems | CVE-2024-20674 | 5034123 |
| Windows 11 Version 23H2 for ARM64-based Systems and x64-based Systems | CVE-2024-20674 | 5034123 |
| Windows 10 Version 21H2 for 32-bit Systems, ARM64-based Systems, and x64-based Systems | CVE-2024-20674, CVE-2024-0057 | 5034122, 5034274, 5034275 |
| Windows 10 Version 22H2 for x64-based Systems | CVE-2024-20674, CVE-2024-0057 | 5034122, 5034274, 5034275 |
| Windows 10 Version 22H2 for 32-bit Systems | CVE-2024-20674, CVE-2024-0057 | 5034275, 5034122, 5034274 |
| Windows 10 Version 22H2 for ARM64-based Systems | CVE-2024-20674, CVE-2024-0057 | 5033920, 5034122, 5034274, 5034275 |
| Windows 11 version 21H2 for ARM64-based Systems x64-based Systems | CVE-2024-20674, CVE-2024-0057 | 5034121, 5034276 |
| Windows Server 2022 | CVE-2024-20674, CVE-2024-0057 | 5034129, 5034272 |
| Windows Server 2019 | CVE-2024-20674, CVE-2024-0057 | 5034127, 5034273 |
| Windows 10 Version 1809 for 32-bit Systems, ARM64-based Systems, and x64-based Systems | CVE-2024-20674, CVE-2024-0057 | 5034127, 5034273 |
| Microsoft Office LTSC 2021 for 32-bit and 64-bit editions | CVE-2024-20677 | Release notes |
| Microsoft Office LTSC for Mac 2021 | CVE-2024-20677 | Update not available |
| Microsoft 365 Apps for Enterprise for 32-bit and 64-bit Systems | CVE-2024-20677 | Release notes |
| Microsoft Office 2019 for 32-bit and 64-bit editions | CVE-2024-20677 | Release notes |
| Microsoft Visual Studio 2022 version 17.8 | CVE-2024-0057 | Release Notes |
| Microsoft Visual Studio 2022 version 17.6 | CVE-2024-0057 | Release Notes |
| Microsoft Visual Studio 2022 version 17.4 | CVE-2024-0057 | Release Notes |
| Microsoft Visual Studio 2022 version 17.2 | CVE-2024-0057 | Release Notes |
| .NET 6.0 | CVE-2024-0057 | 5033733 |
| .NET 7.0 | CVE-2024-0057 | 5033734 |
| .NET 8.0 | CVE-2024-0057 | 5033741 |
Note: Please follow your organization’s patching and testing guidelines to avoid any operational impact.