CVE-2024-20674, CVE-2024-0057 and CVE-2024-20677 Headline Microsoft’s January 2024 Patch Tuesday


On January 9, 2024, Microsoft published its January 2024 security update with patches for 48 vulnerabilities. Among these vulnerabilities, Arctic Wolf has highlighted three in this blog that were categorized as either critical or high severity. There is no available evidence to suggest that these vulnerabilities have been actively exploited in the wild.

Impacted Product: Windows 

Impacted Versions 
Windows Server 2008 R2 Service Pack 1; Windows Server 2008 Service Pack 2; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server 2019; Windows Server 2022; Windows Server 2022, 23H2 Edition
Windows 10, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 Version 21H2, Windows 11 Version 22H2, Windows 11 Version 23H2 

Vulnerabilities Impacting Windows:  

CVE-2024-20674  CVSS: 9.0 – Critical 

MS Max Severity: Critical 

No exploitation observed 
Security Feature Bypass – An unauthorized threat actor could exploit this vulnerability by executing a machine-in-the-middle (MITM) attack or employing other local network spoofing techniques. In doing so, they could send a malicious Kerberos message to the targeted client machine, tricking it into believing that the threat actor’s machine is the legitimate Kerberos authentication server. 

  • Note: For this vulnerability to be exploitable, a threat actor must first gain access to the restricted network.

Impacted Product: Visual Studio and .NET Framework 

Impacted Versions 
Visual Studio 2022 
.NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, 4.8.1; .NET Framework 3.0 Service Pack 2; .NET Framework 2.0 Service Pack 2; and .NET 6.0, 7.0, 8.0 

Vulnerabilities Impacting Visual Studio and .NET Framework:  

CVE-2024-0057  CVSS: 9.1 – Critical 

MS Max Severity: Important 

No exploitation observed 
Security Feature Bypass – A flaw in Microsoft .NET Framework’s X.509 chain building APIs allows threat actors to present invalid certificates, triggering a bug that causes the chain build failure to be reported with an inaccurate reason code. Applications that rely on this reason code may misinterpret the failure as a successful chain build, allowing threat actors to bypass normal authentication logic.
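The application-side pattern described above, as an added example (not Arctic Wolf's or Microsoft's code): a check that derives trust from chain reason codes beside one that fails closed on the result of `X509Chain.Build()`. It does not reproduce the framework bug; the class and method names (`ChainTrust`, `IsTrustedFragile`, `IsTrusted`) are hypothetical and the certificate is constructed for the demonstration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class ChainTrust
{
    // Fragile: discards the Build() result and derives trust from reason codes,
    // accepting any chain whose statuses are not on a short deny-list.
    public static bool IsTrustedFragile(X509Certificate2 cert)
    {
        using var chain = new X509Chain();
        chain.Build(cert);
        var denied = X509ChainStatusFlags.Revoked | X509ChainStatusFlags.NotTimeValid;
        return chain.ChainStatus.All(s => (s.Status & denied) == 0);
    }

    // Fail closed: Build() is the only trust signal. Reason codes are returned
    // for logging and can never turn a failed build into an accept.
    public static bool IsTrusted(X509Certificate2 cert, out string reasons)
    {
        using var chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
        chain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;
        bool ok = chain.Build(cert);
        reasons = string.Join(", ", chain.ChainStatus.Select(s => s.Status));
        return ok;
    }

    public static void Main()
    {
        // Constructed sample input: a throwaway self-signed certificate that
        // chains to no trusted root, so chain building must fail.
        using var key = RSA.Create(2048);
        var req = new CertificateRequest("CN=constructed-example", key,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using var cert = req.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30));

        Console.WriteLine($"fragile check accepts: {IsTrustedFragile(cert)}");
        Console.WriteLine($"fail-closed accepts:   {IsTrusted(cert, out var why)} ({why})");
    }
}
```

When auditing code that consumes `ChainStatus`, look for any branch that can return an accept after `Build()` returned false; those branches are the ones exposed to a wrong reason code.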

Impacted Product: Microsoft Office and 365 Apps for Enterprise 

Impacted Versions 
Microsoft Office LTSC and 2019     
Microsoft 365 Apps for Enterprise 

Vulnerabilities Impacting Microsoft Office and 365 Apps for Enterprise 

CVE-2024-20677  CVSS: 7.8 – High 

MS Max Severity: Important 

No exploitation observed 
Remote Code Execution – To successfully exploit this vulnerability and achieve remote code execution, a threat actor would need to generate specially crafted Office documents with embedded FBX 3D model files.  

  • Note: The security update for Microsoft Office 2021 for Mac was not available at the time of writing. Microsoft states the update will be released as soon as possible and customers will be notified.

Recommendations 

Recommendation: Apply Security Updates to Impacted Products 

Arctic Wolf strongly recommends applying the available security updates to all impacted products to prevent potential exploitation of these vulnerabilities.  

| Product | CVE | Update |
| --- | --- | --- |
| Windows Server 2012 R2 | CVE-2024-20674, CVE-2024-0057 | 5034171, 5034279 |
| Windows Server 2012 | CVE-2024-20674, CVE-2024-0057 | 5034184, 5034278 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | CVE-2024-20674, CVE-2024-0057 | 5034169, 5034167, 5034277 |
| Windows Server 2008 for 32-bit and x64-based Systems Service Pack 2 | CVE-2024-20674, CVE-2024-0057 | 5034173, 5034176, 5034280, 5034270 |
| Windows Server 2016 | CVE-2024-20674, CVE-2024-0057 | 5034119, 5033910 |
| Windows 10 Version 1607 for x64-based and 32-bit Systems | CVE-2024-20674, CVE-2024-0057 | 5034119, 5033910 |
| Windows 10 for x64-based Systems and 32-bit Systems | CVE-2024-20674 | 5034134 |
| Windows Server 2022, 23H2 Edition | CVE-2024-20674 | 5034130 |
| Windows 11 Version 23H2 for x64-based and ARM64-based Systems | CVE-2024-0057 | 5033920 |
| Windows 11 Version 22H2 ARM64-based Systems and x64-based Systems | CVE-2024-20674 | 5034123 |
| Windows 11 Version 23H2 for ARM64-based Systems and x64-based Systems | CVE-2024-20674 | 5034123 |
| Windows 10 Version 21H2 for 32-bit Systems, ARM64-based Systems, and x64-based Systems | CVE-2024-20674, CVE-2024-0057 | 5034122, 5034274, 5034275 |
| Windows 10 Version 22H2 for x64-based Systems | CVE-2024-20674, CVE-2024-0057 | 5034122, 5034274, 5034275 |
| Windows 10 Version 22H2 for 32-bit Systems | CVE-2024-20674, CVE-2024-0057 | 5034275, 5034122, 5034274 |
| Windows 10 Version 22H2 for ARM64-based Systems | CVE-2024-20674, CVE-2024-0057 | 5033920, 5034122, 5034274, 5034275 |
| Windows 11 version 21H2 for ARM64-based Systems and x64-based Systems | CVE-2024-20674, CVE-2024-0057 | 5034121, 5034276 |
| Windows Server 2022 | CVE-2024-20674, CVE-2024-0057 | 5034129, 5034272 |
| Windows Server 2019 | CVE-2024-20674, CVE-2024-0057 | 5034127, 5034273 |
| Windows 10 Version 1809 for 32-bit Systems, ARM64-based Systems, and x64-based Systems | CVE-2024-20674, CVE-2024-0057 | 5034127, 5034273 |
| Microsoft Office LTSC 2021 for 32-bit and 64-bit editions | CVE-2024-20677 | Release notes |
| Microsoft Office LTSC for Mac 2021 | CVE-2024-20677 | Update not available |
| Microsoft 365 Apps for Enterprise for 32-bit and 64-bit Systems | CVE-2024-20677 | Release notes |
| Microsoft Office 2019 for 32-bit and 64-bit editions | CVE-2024-20677 | Release notes |
| Microsoft Visual Studio 2022 version 17.8 | CVE-2024-0057 | Release Notes |
| Microsoft Visual Studio 2022 version 17.6 | CVE-2024-0057 | Release Notes |
| Microsoft Visual Studio 2022 version 17.4 | CVE-2024-0057 | Release Notes |
| Microsoft Visual Studio 2022 version 17.2 | CVE-2024-0057 | Release Notes |
| .NET 6.0 | CVE-2024-0057 | 5033733 |
| .NET 7.0 | CVE-2024-0057 | 5033734 |
| .NET 8.0 | CVE-2024-0057 | 5033741 |

Note: Please follow your organization’s patching and testing guidelines to avoid any operational impact. 

References 

Microsoft January 2024 Release Notes


Steven Campbell

Steven Campbell is a Senior Threat Intelligence Researcher at Arctic Wolf Labs and has more than eight years of experience in intelligence analysis and security research. He has a strong background in infrastructure analysis and adversary tradecraft.