What is Patch Tuesday
Patch Tuesday refers to regular, scheduled releases of software patches and updates by various technology companies, including Microsoft, Adobe, Oracle etc. It occurs on the second Tuesday of each month. During Patch Tuesday, Microsoft releases:
Security Updates
Bug Fixes
Improvements in its products (Windows OS, MS Office, other supported MS applications)
January 2024
Microsoft has rolled out security patches covering 49 vulnerabilities. Currently, there is no evidence of active exploitation and no proof of concept exploits have been discovered.
Affected Products
In the provided image below, we can see that the primary vulnerable products are Windows Message Queuing, followed by Windows Cryptographic Services and Windows Online Certificate Status Protocol (OSCP) SnapIn.
Vulnerability Types
In the image below we can observe that the predominant vulnerability type for this month is Remote Code Execution (11), Information Disclosure (11), trailed by Elevation of Privilege (10) and Security Feature Bypass (7) respectively.
The below heatmap depicts the distribution of various vulnerability types per MS product.
CVSSv3 Score Distribution
It becomes evident that a significant majority of vulnerabilities gravitates towards the range of 6 to 9. This cluster underscores the medium, high (majority) to critical severity of these vulnerabilities.
Statistics related to CVSSv3 score distribution:
mean: 7
min: 4.4
max: 9.1
median: 7.5
PRIOn KB Prioritization Decision Engine
PRIOn KB prioritization decision engine provides sensible default prioritization for vulnerabilities, which can also be customized to align with your security policies and requirements. The below horizontal bar chart provides a visual presentation of the distribution of vulnerabilities analysed via the PRIOn KB decision engine. At a glance, it becomes evident that the majority of the vulnerabilities, comprising a substantial 59% (29) of the total, fall into the "Significant" risk priority level. The "Routine" priority level makes up 41% (20) of the chart. As of now, none of the vulnerabilities being analysed fall into the "urgent" or "immediate" risk priority level.
In the table below, we have arranged all the examined CVEs by priority.
CVE | PRIOn Score | PRIOn Priority Label |
|---|---|---|
CVE-2024-20674 | 68 | Significant |
CVE-2024-0057 | 66 | Significant |
CVE-2024-20687 | 62 | Significant |
CVE-2024-0056 | 61 | Significant |
CVE-2024-20652 | 61 | Significant |
CVE-2024-20653 | 61 | Significant |
CVE-2024-20654 | 61 | Significant |
CVE-2024-20656 | 61 | Significant |
CVE-2024-20657 | 61 | Significant |
CVE-2024-20658 | 61 | Significant |
CVE-2024-20661 | 61 | Significant |
CVE-2024-20672 | 61 | Significant |
CVE-2024-20676 | 61 | Significant |
CVE-2024-20677 | 61 | Significant |
CVE-2024-20681 | 61 | Significant |
CVE-2024-20682 | 61 | Significant |
CVE-2024-20683 | 61 | Significant |
CVE-2024-20686 | 61 | Significant |
CVE-2024-20696 | 61 | Significant |
CVE-2024-20697 | 61 | Significant |
CVE-2024-20698 | 61 | Significant |
CVE-2024-20700 | 61 | Significant |
CVE-2024-21307 | 61 | Significant |
CVE-2024-21309 | 61 | Significant |
CVE-2024-21310 | 61 | Significant |
CVE-2024-21312 | 61 | Significant |
CVE-2024-21318 | 61 | Significant |
CVE-2024-21325 | 61 | Significant |
CVE-2024-20655 | 59 | Routine |
CVE-2024-20660 | 59 | Routine |
CVE-2024-20662 | 59 | Routine |
CVE-2024-20663 | 59 | Routine |
CVE-2024-20664 | 59 | Routine |
CVE-2024-20666 | 59 | Routine |
CVE-2024-20680 | 59 | Routine |
CVE-2024-20690 | 59 | Routine |
CVE-2024-20691 | 59 | Routine |
CVE-2024-20692 | 59 | Routine |
CVE-2024-20694 | 59 | Routine |
CVE-2024-20699 | 59 | Routine |
CVE-2024-21305 | 59 | Routine |
CVE-2024-21306 | 59 | Routine |
CVE-2024-21311 | 59 | Routine |
CVE-2024-21313 | 59 | Routine |
CVE-2024-21314 | 59 | Routine |
CVE-2024-21316 | 59 | Routine |
CVE-2024-21319 | 59 | Routine |
CVE-2024-21320 | 59 | Routine |
How PRIOn can help
PRIOn is an AI driven vulnerability prioritization technology. PRIOn is here to automatically prioritize vulnerabilities, public or private, that matter most across your entire environment. Contact us here for any inquiry/demo. We are here to assist you to transform your vulnerability management lifecycle.
