Patch Tuesday Webinar
Thursday, January 11, 2024
Presented by Daniel Gonzalez Fernandez and Kamel Karabelli
Agenda
January 2024 Patch Tuesday Overview
In the News
Bulletins and Releases
Between Patch Tuesdays
Q & A
Overview
Copyright © 2024 Ivanti. All rights reserved.
January Patch Tuesday 2024
Easing into 2024 with a light release from Microsoft and third-party updates from Google and Mozilla;
expect a quarterly update from Oracle next week to complete your lineup this month. Microsoft has
resolved 49 new CVEs and 7 CVEs from 2023 to expand the affected products to include additional
updates. No Public Disclosures or Exploited reports at this time so business as usual. The two critical
CVEs in the OS update this month are the highest risk. Get things evaluated and tested as part of your
normal maintenance schedule.
In the News
§ Recent Zero Days:
§ Chinese Threat Actors Exploit Barracuda Zero Day
§ Apache OFBiz Receives an Additional Update
§ Microsoft Introduces Windows Protected Print Mode
§ https://techcommunity.microsoft.com/t5/security-compliance-and-identity/a-new-modern-and-secure-print-experience-from-windows/ba-p/4002645
§ Addresses driver and Internet Print Protocol (IPP) security
§ Available in the Insider Preview Channel
§ https://blogs.windows.com/windows-insider/2023/12/13/announcing-windows-11-insider-preview-build-26016-canary-channel/
Series of Re-issued CVEs of Interest
§ Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
§ Originally released June 15, 2023
§ CVE-2023-29349
§ CVE-2023-29356
§ CVE-2023-32025
§ CVE-2023-32026
§ CVE-2023-32027
§ CVE-2023-32028
§ Per Microsoft – In the Security Updates table, added Microsoft Visual Studio 2019 version 16.11,
Visual Studio 2022 version 17.2, Visual Studio 2022 version 17.4, Visual Studio 2022 version 17.6,
and Visual Studio 2022 version 17.8 because these products are also affected by this vulnerability.
Microsoft strongly recommends that customers running any of these products install the updates to
be fully protected from the vulnerability. Customers whose systems are configured to receive
automatic updates do not need to take any further action.
New and Notable Linux Vulnerabilities: 1
Highlighted by TuxCare
CVE-2023-4622 Background:
§ CVSS 3: 7.8
§ Reproducible use-after-free vulnerability that can be exploited for local privilege escalation on
the Kernel's unix_stream_sendpage() function.
§ There is a problem with a lock around communication between peers (read: different processes),
where a resource can be accessed/unlocked while it is being garbage collected inside the lock,
resulting in this use-after-free.
The AF_UNIX socket family is used to communicate between processes on the same machine efficiently.
This bug has been in the Linux kernel for years but was fixed in 6.1.47. Affects any distribution
running previous Kernel versions since 4.12.
New and Notable Linux Vulnerabilities: 2
Highlighted by TuxCare
CVE-2023-28466 Impact and Mitigation
§ CVSS 3: 7.0
§ A call to do_tls_getsockopt in net/tls/tls_main.c in the Linux Kernel is missing a lock statement
which can lead to a race condition and a resultant use-after-free or NULL pointer dereference (both
of which can eventually cause security problems, but will cause crashes otherwise).
§ Impacts the Kernel TLS support functionality, which underpins 3rd party software relying on it for
TLS-based communications.
Affects a very large range of kernel versions (the earliest being 4.13, up to 6.2.7). Multiple
distributions impacted.
Mitigation is possible by blacklisting the module (called “tls”), but will impact functionality
depending on TLS, so may be impractical. Also only applicable if tls is compiled as a module on the
Kernel instead of built-in directly.
New and Notable Linux Vulnerabilities: 3
Highlighted by TuxCare
CVE-2023-39189 Impact and Mitigation
§ CVSS 3: 6.0 (Disputed)
§ The netfilter code inside the Kernel contains a function that lacks a check on a user-controlled
parameter.
§ This flaw allows a local privileged (CAP_NET_ADMIN) application to trigger an out-of-bounds read,
which can trigger a system crash (or disclose memory contents).
Affects Kernel versions up to (but excluding) 6.6.
This bug can be fixed by preventing the impacted Passive OS Fingerprinting match module (`xt_osf`)
from being loaded.
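The version ranges and module-level mitigations from the three Linux slides above, combined into a triage script. This is an added example, not part of the original deck: the function names, the Kconfig symbols `CONFIG_TLS` and `CONFIG_NETFILTER_XT_MATCH_OSF`, and the `/boot/config-*` path are assumptions, and the ranges are the slides' upstream figures taken literally.

```shell
#!/bin/sh
# Added example, not from the webinar deck. Ranges and module names come from the
# slides; Kconfig symbols and file paths are assumptions about a typical distro.

# ver_ge A B: succeed when version A >= version B (needs sort -V).
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# page_ranges RELEASE: print the CVEs whose slide-stated range contains RELEASE.
# Distribution kernels backport fixes, so a match means "check the vendor
# advisory for this build", not "confirmed vulnerable".
page_ranges() {
    v=${1%%[-+]*}                 # drop suffixes such as "-91-generic"
    out=""
    # CVE-2023-4622: since 4.12, fixed in 6.1.47
    if ver_ge "$v" 4.12 && ! ver_ge "$v" 6.1.47; then out="$out CVE-2023-4622"; fi
    # CVE-2023-28466: earliest 4.13, up to 6.2.7
    if ver_ge "$v" 4.13 && ver_ge 6.2.7 "$v"; then out="$out CVE-2023-28466"; fi
    # CVE-2023-39189: up to (but excluding) 6.6
    if ! ver_ge "$v" 6.6; then out="$out CVE-2023-39189"; fi
    echo "${out# }"
}

# module_mode SYMBOL CONFIG_FILE: print module, builtin or absent.
# The slides note that blocking a module only helps when it is not built in.
module_mode() {
    case "$(grep -E "^$1=" "$2" 2>/dev/null || true)" in
        *=m) echo module ;;
        *=y) echo builtin ;;
        *)   echo absent ;;
    esac
}

# modprobe_block MODULE: print modprobe.d lines that stop MODULE from loading.
# "blacklist" alone only suppresses alias-based autoloading; the "install"
# line also makes an explicit "modprobe MODULE" fail.
modprobe_block() {
    printf 'blacklist %s\ninstall %s /bin/false\n' "$1" "$1"
}

# report RELEASE CONFIG_FILE: summary for the two module mitigations on the slides.
report() {
    hits=$(page_ranges "$1")
    echo "kernel $1: slide-stated ranges matched: ${hits:-none}"
    for pair in tls:CONFIG_TLS xt_osf:CONFIG_NETFILTER_XT_MATCH_OSF; do
        mod=${pair%%:*}
        sym=${pair#*:}
        case "$(module_mode "$sym" "$2")" in
            module)
                echo "$mod: loadable module, a modprobe.d block applies:"
                modprobe_block "$mod" ;;
            builtin)
                echo "$mod: built in, cannot be blocked via modprobe.d; patch the kernel" ;;
            *)
                echo "$mod: not enabled in this kernel config" ;;
        esac
    done
}

# Typical use on a host (paths are assumptions):
#   report "$(uname -r)" "/boot/config-$(uname -r)"
```

A modprobe.d entry does not unload a module that is already resident, so it takes effect after the module is removed or the host is rebooted.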
Advisory Updates of Interest
§ Advisory 990001 Latest Servicing Stack Updates (SSU)
§ https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001
§ Windows Server 2012 ESU Operating Systems in January
§ Advisory 190023 Enabling LDAP Channel Binding and LDAP Signing
§ https://msrc.microsoft.com/update-guide/vulnerability/ADV190023
§ “With the release of the January 9, 2024 security updates, the auditing changes added in
August 2023 are now available on Windows Server 2019. You do not need to install MSIs
or create policies as mentioned in Step 3 of Recommended Actions.”
Source: Microsoft
Microsoft Patch Tuesday Updates of Interest
§ Azure and Development Tool Updates
§ .NET 6.0, 7.0, & 8.0
§ Azure Microsoft Identity Model v5.0, v6.0, and v7.0
§ Microsoft Visual Studio 2015 Update 3
§ Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
§ Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
§ Visual Studio 2022 (multiple versions)
Windows 10 and 11 Lifecycle Awareness
Windows 10 Enterprise and Education
Version | Release Date | End of Support Date
22H2 | 10/18/2022 | 10/14/2025
21H2 | 11/16/2021 | 6/11/2024
Windows 10 Home and Pro
Version | Release Date | End of Support Date
22H2 | 10/18/2022 | 10/14/2025
Windows 11 Home and Pro
Version | Release Date | End of Support Date
23H2 | 10/31/2023 | 11/11/2025
22H2 | 9/20/2022 | 10/8/2024
Windows 11 Enterprise and Education
Version | Release Date | End of Support Date
23H2 | 10/31/2023 | 11/10/2026
22H2 | 9/20/2022 | 10/14/2025
21H2 | 10/4/2021 | 10/8/2024
https://docs.microsoft.com/en-us/lifecycle/faq/windows
Source: Microsoft
Server Long-term Servicing Channel Support
Server LTSC Support
Version | Editions | Release Date | Mainstream Support Ends | Extended Support Ends
Windows Server 2022 | Datacenter and Standard | 08/18/2021 | 10/13/2026 | 10/14/2031
Windows Server 2019 (Version 1809) | Datacenter, Essentials, and Standard | 11/13/2018 | 01/09/2024 | 01/09/2029
Windows Server 2016 (Version 1607) | Datacenter, Essentials, and Standard | 10/15/2016 | 01/11/2022 | 01/11/2027
https://learn.microsoft.com/en-us/windows-server/get-started/windows-server-release-info
Source: Microsoft
§ Focused on server long-term stability
§ Major version releases every 2-3 years
§ 5 years mainstream and 5 years extended support
§ Server core or server with desktop experience available
Patch Content Announcements
§ Announcements Posted on Community Forum Pages
§ https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
§ Subscribe to receive email for the desired product(s)
Bulletins and Releases
CHROME-240109: Security Update for Chrome Desktop
§ Maximum Severity: Critical
§ Affected Products: Google Chrome
§ Description: The Stable channel has been updated to 120.0.6099.216 for Mac and Linux and
120.0.6099.216/217 for Windows. See
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_9.html
for more details. Fixes 1 CVE rated High.
§ Impact: Remote Code Execution
§ Fixes 1 Vulnerability: CVE-2024-0333
§ Restart Required: Requires browser restart
MS24-01-W11: Windows 11 Update
§ Maximum Severity: Critical
§ Affected Products: Microsoft Windows 11 Version 21H2, 22H2, 23H2 and Edge
Chromium
§ Description: This bulletin references KB 5034121 (21H2) and KB 5034123
(22H2/23H2).
§ Impact: Remote Code Execution, Security Feature Bypass, Denial of Service,
Spoofing, Elevation of Privilege, and Information Disclosure
§ Fixes 35 Vulnerabilities: No CVEs are publicly disclosed or known exploited. See
the Security Update Guide for the complete list of CVEs.
§ Restart Required: Requires restart
§ Known Issues: See next slides
January Known Issues for Windows 11
§ KB 5034121 – Windows 11 21H2
§ [Encrypt Drive Reporting Error] Using the FixedDrivesEncryptionType or
SystemDrivesEncryptionType policy settings in the BitLocker configuration service
provider (CSP) node in mobile device management (MDM) apps might incorrectly
show a 65000 error in the "Require Device Encryption" setting for some devices in
your environment. Affected environments are those with the “Enforce drive
encryption type on operating system drives” or "Enforce drive encryption on fixed
drives" policies set to enabled and selecting either "full encryption" or "used space
only". Microsoft Intune is affected by this issue but third-party MDMs might also be
affected.
§ Important This issue is a reporting issue only and does not affect drive encryption
or the reporting of other issues on the device, including other BitLocker issues.
§ Microsoft is working on a resolution
January Known Issues for Windows 11 (cont)
§ KB 5034123 – Windows 11 22H2/23H2
§ [Encrypt Drive Reporting Error]
§ [Icon Display] Windows devices using more than one (1) monitor might experience
issues with desktop icons moving unexpectedly between monitors or other icon
alignment issues when attempting to use Copilot in Windows (in preview).
§ [Emoji Display] The color font format for COLRv1 does not render properly. This
format enables Windows to display emoji with a 3D-like appearance.
§ Microsoft is working on a resolution for both display issues.
MS24-01-W10: Windows 10 Update
§ Maximum Severity: Critical
§ Affected Products: Microsoft Windows 10 Versions 1607, 1809, 21H1, 21H2,
Server 2016, Server 2019, Server 2022, Server 2022 Datacenter: Azure Edition and
Edge Chromium
§ Description: This bulletin references 6 KB articles. See KBs for the list of changes.
§ Impact: Remote Code Execution, Security Feature Bypass, Denial of Service,
Spoofing, Elevation of Privilege, and Information Disclosure
§ Fixes 39 Vulnerabilities: No CVEs are publicly disclosed or known exploited. See
the Security Update Guide for the complete list of CVEs.
§ Restart Required: Requires restart
§ Known Issues: See next slide
January Known Issues for Windows 10
§ KB 5034122 – Windows 10 Enterprise and Education, version 21H2;
Windows 10 IoT Enterprise, version 21H2; Windows 10 Enterprise
Multi-Session, version 21H2; and Windows 10, version 22H2, all
editions
§ [Copilot Not Supported] Copilot in Windows (in preview) is not currently supported
when your taskbar is located vertically on the right or left of your screen.
Workaround: To access Copilot in Windows, make sure your taskbar is
positioned horizontally on the top or bottom of your screen.
§ [Encrypt Drive Reporting Error]
§ [Icon Display]
MS24-01-SPT: Security Updates for SharePoint Server
§ Maximum Severity: Important
§ Affected Products: Microsoft SharePoint Server Subscription Edition, SharePoint
Enterprise Server 2016, and SharePoint Server 2019
§ Description: This update addresses a vulnerability whereby in a network-based
attack, an authenticated attacker, as at least a Site Owner, could write arbitrary code to
inject and execute code remotely on the SharePoint Server. This bulletin is based on 3
KB articles.
§ Impact: Remote Code Execution
§ Fixes 1 Vulnerability: CVE-2024-21318 is not publicly disclosed or known
exploited.
§ Restart Required: Requires restart
§ Known Issues: None reported
MS24-01-O365: Security Updates Microsoft 365 Apps, Office 2019
and Office LTSC 2021
§ Maximum Severity: Important
§ Affected Products: Microsoft 365 Apps, Office 2019 and Office LTSC 2021
§ Description: This month’s update resolved various bugs and performance issues in
Office applications. Information on the security updates is available at
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.
§ Impact: Remote Code Execution
§ Fixes 1 Vulnerability: CVE-2024-20677 is not publicly disclosed or known
exploited.
§ Restart Required: Requires application restart
§ Known Issues: None reported
MS24-01-MRNET: Monthly Rollup for Microsoft .NET
§ Maximum Severity: Important
§ Affected Products: Microsoft Windows .Net Framework 2.0 through 4.8.1
§ Description: This security update addresses one vulnerability where an attacker
could create a specially crafted X.509 certificate that intentionally introduces or
intentionally induces a chain building failure. It also addresses a vulnerability where a
machine-in-the-middle (MITM) attack could decrypt and read or modify TLS traffic
between the client and server. This bulletin references 16 KB articles.
§ Impact: Security Feature Bypass, Denial of Service
§ Fixes 3 Vulnerabilities: CVE-2024-0056, CVE-2024-0057, and CVE-2024-21312
are not publicly disclosed or known exploited.
§ Restart Required: Does not require a system restart after you apply it unless files
that are being updated are locked or are being used.
§ Known Issues: None reported
MS24-01-SONET: Security-only Update for Microsoft .NET
§ Maximum Severity: Important
§ Affected Products: Microsoft Windows .Net Framework 2.0 through 4.8.1
§ Description: This security update addresses one vulnerability where an attacker
could create a specially crafted X.509 certificate that intentionally introduces or
intentionally induces a chain building failure. It also addresses a vulnerability where a
machine-in-the-middle (MITM) attack could decrypt and read or modify TLS traffic
between the client and server. This bulletin references 16 KB articles.
§ Impact: Security Feature Bypass, Denial of Service
§ Fixes 3 Vulnerabilities: CVE-2024-0056, CVE-2024-0057, and CVE-2024-21312
are not publicly disclosed or known exploited.
§ Restart Required: Does not require a system restart after you apply it unless files
that are being updated are locked or are being used.
§ Known Issues: None reported
Between Patch Tuesdays
Windows Release Summary
§ Security Updates (with CVEs): Apache OpenOffice (1), Google Chrome (2), Firefox (1), Firefox ESR
(1), Thunderbird (1), Wireshark (3)
§ Security Updates (w/o CVEs): Apple Mobile Device Support (1), Adobe Acrobat DC and Acrobat
Reader DC (1), Dropbox (2), Evernote (1), GoodSync (3), Grammarly for Windows (2), Apple iTunes (1),
IrfanView (1), Malwarebytes (1), Node.JS (Current) (1), Notepad++ (1), Opera (3), PuTTY (1), PeaZip (1), Royal
TS (1), Slack Machine-Wide Installer (1), Snagit (2), Sourcetree for Windows Enterprise (1), TortoiseSVN (1),
TeamViewer (1), Wireshark (1), Zoom Client (2), Zoom Rooms Client (1), Zoom VDI (1)
§ Non-Security Updates: AIMP (1), Bandicut (1), Bitwarden (1), Google Drive File Stream (1), WeCom (1)
Windows Third Party CVE Information
§ Apache OpenOffice 4.1.15
§ OROO-231222, QOROO4115
§ Fixes 4 Vulnerabilities: CVE-2012-5639, CVE-2022-43680, CVE-2023-1183,
CVE-2023-47804
§ Google Chrome 120.0.6099.130
§ CHROME-231220, QGC12006099130
§ Fixes 1 Vulnerability: CVE-2023-7024
§ Google Chrome 120.0.6099.200
§ CHROME-240103, QGC12006099200
§ Fixes 4 Vulnerabilities: CVE-2024-0222, CVE-2024-0223, CVE-2024-0224,
CVE-2024-0225
Windows Third Party CVE Information (cont)
§ Firefox 121.0
§ FF-231219, QFF1210
§ Fixes 18 Vulnerabilities: CVE-2023-6135, CVE-2023-6856, CVE-2023-6857,
CVE-2023-6858, CVE-2023-6859, CVE-2023-6860, CVE-2023-6861, CVE-2023-6863,
CVE-2023-6864, CVE-2023-6865, CVE-2023-6866, CVE-2023-6867, CVE-2023-6868,
CVE-2023-6869, CVE-2023-6870, CVE-2023-6871, CVE-2023-6872, CVE-2023-6873
§ Firefox ESR 115.6.0
§ FFE115-231219, QFFE11560
§ Fixes 11 Vulnerabilities: CVE-2023-6856, CVE-2023-6857, CVE-2023-6858,
CVE-2023-6859, CVE-2023-6860, CVE-2023-6861, CVE-2023-6862, CVE-2023-6863,
CVE-2023-6864, CVE-2023-6865, CVE-2023-6867
§ Wireshark 3.6.20
§ WIRES36-240104, QWIRES3620EXE & QWIRES3620MSI
§ Fixes 2 Vulnerabilities: CVE-2024-0208, CVE-2024-0209
Windows Third Party CVE Information (cont)
§ Thunderbird 115.6.0
§ TB-231219, QTB11560
§ Fixes 11 Vulnerabilities: CVE-2023-50761, CVE-2023-50762, CVE-2023-6856, CVE-2023-6857,
CVE-2023-6858, CVE-2023-6859, CVE-2023-6860, CVE-2023-6861, CVE-2023-6862,
CVE-2023-6863, CVE-2023-6864
§ Wireshark 4.0.12
§ WIRES40-240103, QWIRES4012EXE & QWIRES4012MSI
§ Fixes 2 Vulnerabilities: CVE-2024-0208, CVE-2024-0209
§ Wireshark 4.2.1
§ WIRES42-240103, QWIRES421EXE & QWIRES421MSI
§ Fixes 5 Vulnerabilities: CVE-2024-0207, CVE-2024-0208, CVE-2024-0209, CVE-2024-0210,
CVE-2024-0211
Apple Release Summary
§ Security Updates (with CVEs): Apple macOS Sonoma (1), Google Chrome (2), Firefox (1),
Firefox ESR (1), Microsoft Edge (2), Thunderbird (1)
§ Security Updates (w/o CVEs): None
§ Non-Security Updates: Adobe Acrobat DC and Acrobat Reader DC (1), Brave (2), draw.io (3),
Dropbox (2), Eclipse IDE Java for Mac (1), Evernote (1), Grammarly (5), HandBrake (1), IntelliJ IDEA (1),
Microsoft Edge (2), Parallels Desktop (1), Safari for Ventura (1), Safari for Monterey (1), Skype (1), Slack
(1), Microsoft Teams (Mac) (1), Zoom Client for Mac (2)
Apple Updates CVE Information
§ macOS Sonoma 14.2.1
§ HT214048
§ Fixes 1 Vulnerability
Apple Third Party CVE Information
§ Google Chrome 120.0.6099.129
§ CHROMEMAC-231220
§ Fixes 1 Vulnerability: CVE-2023-7024
§ Google Chrome 120.0.6099.199
§ CHROMEMAC-240103
§ Fixes 5 Vulnerabilities: CVE-2023-7024, CVE-2024-0222, CVE-2024-0223,
CVE-2024-0224, CVE-2024-0225
§ Firefox 121.0
§ FF-231219
§ Fixes 18 Vulnerabilities: CVE-2023-6135, CVE-2023-6856, CVE-2023-6857,
CVE-2023-6858, CVE-2023-6859, CVE-2023-6860, CVE-2023-6861, CVE-2023-6863,
CVE-2023-6864, CVE-2023-6865, CVE-2023-6866, CVE-2023-6867, CVE-2023-6868,
CVE-2023-6869, CVE-2023-6870, CVE-2023-6871, CVE-2023-6872, CVE-2023-6873
Apple Third Party CVE Information (cont)
§ Firefox ESR 115.6.0
§ FFE115-231219
§ Fixes 11 Vulnerabilities: CVE-2023-6856, CVE-2023-6857, CVE-2023-6858,
CVE-2023-6859, CVE-2023-6860, CVE-2023-6861, CVE-2023-6862, CVE-2023-6863,
CVE-2023-6864, CVE-2023-6865, CVE-2023-6867
§ Microsoft Edge 120.0.2210.77
§ MEDGEMAC-231215
§ Fixes 1 Vulnerability: CVE-2023-36878
§ Microsoft Edge 120.0.2210.91
§ MEDGEMAC-231221
§ Fixes 1 Vulnerability: CVE-2023-7024
Apple Third Party CVE Information (cont)
§ Thunderbird 115.6.0
§ TB-231219
§ Fixes 11 Vulnerabilities: CVE-2023-50761, CVE-2023-50762, CVE-2023-6856, CVE-2023-6857,
CVE-2023-6858, CVE-2023-6859, CVE-2023-6860, CVE-2023-6861, CVE-2023-6862,
CVE-2023-6863, CVE-2023-6864
Q & A
Thank You!

08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 

January Patch Tuesday

  • 1. Patch Tuesday Webinar
    Thursday, January 11, 2024
    Presented by Daniel Gonzalez Fernandez and Kamel Karabelli
  • 2. Agenda
    January 2024 Patch Tuesday Overview
    In the News
    Bulletins and Releases
    Between Patch Tuesdays
    Q & A
  • 4. January Patch Tuesday 2024
    Easing into 2024 with a light release from Microsoft and third-party updates from Google and Mozilla; expect a quarterly update from Oracle next week to complete your lineup this month. Microsoft has resolved 49 new CVEs and 7 CVEs from 2023 to expand the affected products to include additional updates. No Public Disclosures or Exploited reports at this time so business as usual. The two critical CVEs in the OS update this month are the highest risk. Get things evaluated and tested as part of your normal maintenance schedule.
  • 6. In the News
    § Recent Zero Days:
    § Chinese Threat Actors Exploit Barracuda Zero Day
    § Apache OFBiz Receives an Additional Update
    § Microsoft Introduces Windows Protected Print Mode
    § https://techcommunity.microsoft.com/t5/security-compliance-and-identity/a-new-modern-and-secure-print-experience-from-windows/ba-p/4002645
    § Addresses driver and Internet Print Protocol (IPP) security
    § Available in the Insider Preview Channel
    § https://blogs.windows.com/windows-insider/2023/12/13/announcing-windows-11-insider-preview-build-26016-canary-channel/
  • 7. Series of Re-issued CVEs of Interest
    § Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
    § Originally released June 15, 2023
    § CVE-2023-29349
    § CVE-2023-29356
    § CVE-2023-32025
    § CVE-2023-32026
    § CVE-2023-32027
    § CVE-2023-32028
    § Per Microsoft – In the Security Updates table, added Microsoft Visual Studio 2019 version 16.11, Visual Studio 2022 version 17.2, Visual Studio 2022 version 17.4, Visual Studio 2022 version 17.6, and Visual Studio 2022 version 17.8 because these products are also affected by this vulnerability. Microsoft strongly recommends that customers running any of these products install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.
  • 8. CVE-2023-4622 Background
    § CVSS 3: 7.8
    § Reproducible use-after-free vulnerability in the kernel's unix_stream_sendpage() function that can be exploited for local privilege escalation.
    § There is a problem with a lock around communication between peers (read: different processes), where a resource can be accessed/unlocked while it is being garbage collected inside the lock, resulting in this use-after-free. The AF_UNIX socket family is used to communicate between processes on the same machine efficiently. This bug has been in the Linux kernel for years but was fixed in 6.1.47. Affects any distribution running previous kernel versions since 4.12.
    New and Notable Linux Vulnerabilities: 1
    Highlighted by TuxCare
  • 9. CVE-2023-28466 Impact and Mitigation
    § CVSS 3: 7.0
    § A call to do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel is missing a lock statement, which can lead to a race condition and a resultant use-after-free or NULL pointer dereference (both of which can eventually cause security problems, but will cause crashes otherwise).
    § Impacts the kernel TLS support functionality, which underpins third-party software relying on it for TLS-based communications. Affects a very large range of kernel versions (the earliest being 4.13, up to 6.2.7). Multiple distributions impacted. Mitigation is possible by blacklisting the module (called “tls”), but this will impact functionality depending on TLS, so it may be impractical. It is also only applicable if tls is compiled as a module instead of built directly into the kernel.
    New and Notable Linux Vulnerabilities: 2
    Highlighted by TuxCare
  • 10. CVE-2023-39189 Impact and Mitigation
    § CVSS 3: 6.0 (Disputed)
    § The netfilter code inside the kernel contains a function that lacks a check on a user-controlled parameter.
    § This flaw allows a local privileged (CAP_NET_ADMIN) application to trigger an out-of-bounds read, which can trigger a system crash (or disclose memory contents). Affects kernel versions up to (but excluding) 6.6. This bug can be mitigated by preventing the impacted Passive OS Fingerprinting match module (`xt_osf`) from being loaded.
    New and Notable Linux Vulnerabilities: 3
    Highlighted by TuxCare
  • 11. Advisory Updates of Interest
    § Advisory 990001 Latest Servicing Stack Updates (SSU)
    § https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001
    § Windows Server 2012 ESU Operating Systems in January
    § Advisory 190023 Enabling LDAP Channel Binding and LDAP Signing
    § https://msrc.microsoft.com/update-guide/vulnerability/ADV190023
    § “With the release of the January 9, 2024 security updates, the auditing changes added in August 2023 are now available on Windows Server 2019. You do not need to install MSIs or create policies as mentioned in Step 3 of Recommended Actions.”
    Source: Microsoft
  • 12. Microsoft Patch Tuesday Updates of Interest
    § Azure and Development Tool Updates
    § .NET 6.0, 7.0, & 8.0
    § Azure Microsoft Identity Model v5.0, v6.0, and v7.0
    § Microsoft Visual Studio 2015 Update 3
    § Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
    § Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
    § Visual Studio 2022 (multiple versions)
  • 13. Windows 10 and 11 Lifecycle Awareness

    Windows 10 Enterprise and Education
    Version | Release Date | End of Support Date
    22H2 | 10/18/2022 | 10/14/2025
    21H2 | 11/16/2021 | 6/11/2024

    Windows 10 Home and Pro
    Version | Release Date | End of Support Date
    22H2 | 10/18/2022 | 10/14/2025

    Windows 11 Home and Pro
    Version | Release Date | End of Support Date
    23H2 | 10/31/2023 | 11/11/2025
    22H2 | 9/20/2022 | 10/8/2024

    Windows 11 Enterprise and Education
    Version | Release Date | End of Support Date
    23H2 | 10/31/2023 | 11/10/2026
    22H2 | 9/20/2022 | 10/14/2025
    21H2 | 10/4/2021 | 10/8/2024

    https://docs.microsoft.com/en-us/lifecycle/faq/windows
    Source: Microsoft
  • 14. Server Long-term Servicing Channel Support

    Server LTSC Support
    Version | Editions | Release Date | Mainstream Support Ends | Extended Support Ends
    Windows Server 2022 | Datacenter and Standard | 08/18/2021 | 10/13/2026 | 10/14/2031
    Windows Server 2019 (Version 1809) | Datacenter, Essentials, and Standard | 11/13/2018 | 01/09/2024 | 01/09/2029
    Windows Server 2016 (Version 1607) | Datacenter, Essentials, and Standard | 10/15/2016 | 01/11/2022 | 01/11/2027

    https://learn.microsoft.com/en-us/windows-server/get-started/windows-server-release-info
    Source: Microsoft
    § Focused on server long-term stability
    § Major version releases every 2-3 years
    § 5 years mainstream and 5 years extended support
    § Server core or server with desktop experience available
  • 15. Patch Content Announcements
    § Announcements Posted on Community Forum Pages
    § https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
    § Subscribe to receive email for the desired product(s)
  • 17. CHROME-240109: Security Update for Chrome Desktop
    § Maximum Severity: Critical
    § Affected Products: Google Chrome
    § Description: The Stable channel has been updated to 120.0.6099.216 for Mac and Linux and 120.0.6099.216/217 for Windows. See https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_9.html for more details. Fixes 1 CVE rated High.
    § Impact: Remote Code Execution
    § Fixes 1 Vulnerability: CVE-2024-0333
    § Restart Required: Requires browser restart
  • 18. MS24-01-W11: Windows 11 Update
    § Maximum Severity: Critical
    § Affected Products: Microsoft Windows 11 Version 21H2, 22H2, 23H2 and Edge Chromium
    § Description: This bulletin references KB 5034121 (21H2) and KB 5034123 (22H2/23H2).
    § Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege, and Information Disclosure
    § Fixes 35 Vulnerabilities: No CVEs are publicly disclosed or known exploited. See the Security Update Guide for the complete list of CVEs.
    § Restart Required: Requires restart
    § Known Issues: See next slides
  • 19. January Known Issues for Windows 11
    § KB 5034121 – Windows 11 21H2
    § [Encrypt Drive Reporting Error] Using the FixedDrivesEncryptionType or SystemDrivesEncryptionType policy settings in the BitLocker configuration service provider (CSP) node in mobile device management (MDM) apps might incorrectly show a 65000 error in the "Require Device Encryption" setting for some devices in your environment. Affected environments are those with the “Enforce drive encryption type on operating system drives” or "Enforce drive encryption on fixed drives" policies set to enabled and selecting either "full encryption" or "used space only". Microsoft Intune is affected by this issue but third-party MDMs might also be affected.
    § Important: This issue is a reporting issue only and does not affect drive encryption or the reporting of other issues on the device, including other BitLocker issues.
    § Microsoft is working on a resolution
  • 20. January Known Issues for Windows 11 (cont)
    § KB 5034123 – Windows 11 22H2/23H2
    § [Encrypt Drive Reporting Error]
    § [Icon Display] Windows devices using more than one (1) monitor might experience issues with desktop icons moving unexpectedly between monitors or other icon alignment issues when attempting to use Copilot in Windows (in preview).
    § [Emoji Display] The color font format for COLRv1 does not render properly. This format enables Windows to display emoji with a 3D-like appearance.
    § Microsoft is working on a resolution for both display issues.
  • 21. MS24-01-W10: Windows 10 Update
    § Maximum Severity: Critical
    § Affected Products: Microsoft Windows 10 Versions 1607, 1809, 21H1, 21H2, Server 2016, Server 2019, Server 2022, Server 2022 Datacenter: Azure Edition and Edge Chromium
    § Description: This bulletin references 6 KB articles. See KBs for the list of changes.
    § Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Elevation of Privilege, and Information Disclosure
    § Fixes 39 Vulnerabilities: No CVEs are publicly disclosed or known exploited. See the Security Update Guide for the complete list of CVEs.
    § Restart Required: Requires restart
    § Known Issues: See next slide
  • 22. January Known Issues for Windows 10
    § KB 5034122 – Windows 10 Enterprise and Education, version 21H2; Windows 10 IoT Enterprise, version 21H2; Windows 10 Enterprise Multi-Session, version 21H2; and Windows 10, version 22H2, all editions
    § [Copilot Not Supported] Copilot in Windows (in preview) is not currently supported when your taskbar is located vertically on the right or left of your screen. Workaround: To access Copilot in Windows, make sure your taskbar is positioned horizontally on the top or bottom of your screen.
    § [Encrypt Drive Reporting Error]
    § [Icon Display]
  • 23. MS24-01-SPT: Security Updates for SharePoint Server
    § Maximum Severity: Important
    § Affected Products: Microsoft SharePoint Server Subscription Edition, SharePoint Enterprise Server 2016, and SharePoint Server 2019
    § Description: This update addresses a vulnerability whereby in a network-based attack, an authenticated attacker, as at least a Site Owner, could write arbitrary code to inject and execute code remotely on the SharePoint Server. This bulletin is based on 3 KB articles.
    § Impact: Remote Code Execution
    § Fixes 1 Vulnerability: CVE-2024-21318 is not publicly disclosed or known exploited.
    § Restart Required: Requires restart
    § Known Issues: None reported
  • 24. MS24-01-O365: Security Updates Microsoft 365 Apps, Office 2019 and Office LTSC 2021
    § Maximum Severity: Important
    § Affected Products: Microsoft 365 Apps, Office 2019 and Office LTSC 2021
    § Description: This month’s update resolved various bugs and performance issues in Office applications. Information on the security updates is available at https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.
    § Impact: Remote Code Execution
    § Fixes 1 Vulnerability: CVE-2024-20677 is not publicly disclosed or known exploited.
    § Restart Required: Requires application restart
    § Known Issues: None reported
  • 25. MS24-01-MRNET: Monthly Rollup for Microsoft .NET
    § Maximum Severity: Important
    § Affected Products: Microsoft Windows .NET Framework 2.0 through 4.8.1
    § Description: This security update addresses one vulnerability where an attacker could create a specially crafted X.509 certificate that intentionally introduces or intentionally induces a chain building failure. It also addresses a vulnerability where a machine-in-the-middle (MITM) attack could decrypt and read or modify TLS traffic between the client and server. This bulletin references 16 KB articles.
    § Impact: Security Feature Bypass, Denial of Service
    § Fixes 3 Vulnerabilities: CVE-2024-0056, CVE-2024-0057, and CVE-2024-21312 are not publicly disclosed or known exploited.
    § Restart Required: Does not require a system restart after you apply it unless files that are being updated are locked or are being used.
    § Known Issues: None reported
  • 26. MS24-01-SONET: Security-only Update for Microsoft .NET
    § Maximum Severity: Important
    § Affected Products: Microsoft Windows .NET Framework 2.0 through 4.8.1
    § Description: This security update addresses one vulnerability where an attacker could create a specially crafted X.509 certificate that intentionally introduces or intentionally induces a chain building failure. It also addresses a vulnerability where a machine-in-the-middle (MITM) attack could decrypt and read or modify TLS traffic between the client and server. This bulletin references 16 KB articles.
    § Impact: Security Feature Bypass, Denial of Service
    § Fixes 3 Vulnerabilities: CVE-2024-0056, CVE-2024-0057, and CVE-2024-21312 are not publicly disclosed or known exploited.
    § Restart Required: Does not require a system restart after you apply it unless files that are being updated are locked or are being used.
    § Known Issues: None reported
  • 28. Windows Release Summary
    § Security Updates (with CVEs): Apache OpenOffice (1), Google Chrome (2), Firefox (1), Firefox ESR (1), Thunderbird (1), Wireshark (3)
    § Security Updates (w/o CVEs): Apple Mobile Device Support (1), Adobe Acrobat DC and Acrobat Reader DC (1), Dropbox (2), Evernote (1), GoodSync (3), Grammarly for Windows (2), Apple iTunes (1), IrfanView (1), Malwarebytes (1), Node.JS (Current) (1), Notepad++ (1), Opera (3), PuTTY (1), PeaZip (1), Royal TS (1), Slack Machine-Wide Installer (1), Snagit (2), Sourcetree for Windows Enterprise (1), TortoiseSVN (1), TeamViewer (1), Wireshark (1), Zoom Client (2), Zoom Rooms Client (1), Zoom VDI (1)
    § Non-Security Updates: AIMP (1), Bandicut (1), Bitwarden (1), Google Drive File Stream (1), WeCom (1)
  • 29. Windows Third Party CVE Information
    § Apache OpenOffice 4.1.15
    § OROO-231222, QOROO4115
    § Fixes 4 Vulnerabilities: CVE-2012-5639, CVE-2022-43680, CVE-2023-1183, CVE-2023-47804
    § Google Chrome 120.0.6099.130
    § CHROME-231220, QGC12006099130
    § Fixes 1 Vulnerability: CVE-2023-7024
    § Google Chrome 120.0.6099.200
    § CHROME-240103, QGC12006099200
    § Fixes 4 Vulnerabilities: CVE-2024-0222, CVE-2024-0223, CVE-2024-0224, CVE-2024-0225
  • 30. Windows Third Party CVE Information (cont)
    § Firefox 121.0
    § FF-231219, QFF1210
    § Fixes 18 Vulnerabilities: CVE-2023-6135, CVE-2023-6856, CVE-2023-6857, CVE-2023-6858, CVE-2023-6859, CVE-2023-6860, CVE-2023-6861, CVE-2023-6863, CVE-2023-6864, CVE-2023-6865, CVE-2023-6866, CVE-2023-6867, CVE-2023-6868, CVE-2023-6869, CVE-2023-6870, CVE-2023-6871, CVE-2023-6872, CVE-2023-6873
    § Firefox ESR 115.6.0
    § FFE115-231219, QFFE11560
    § Fixes 11 Vulnerabilities: CVE-2023-6856, CVE-2023-6857, CVE-2023-6858, CVE-2023-6859, CVE-2023-6860, CVE-2023-6861, CVE-2023-6862, CVE-2023-6863, CVE-2023-6864, CVE-2023-6865, CVE-2023-6867
    § Wireshark 3.6.20
    § WIRES36-240104, QWIRES3620EXE & QWIRES3620MSI
    § Fixes 2 Vulnerabilities: CVE-2024-0208, CVE-2024-0209
  • 31. Windows Third Party CVE Information (cont)
    § Thunderbird 115.6.0
    § TB-231219, QTB11560
    § Fixes 11 Vulnerabilities: CVE-2023-50761, CVE-2023-50762, CVE-2023-6856, CVE-2023-6857, CVE-2023-6858, CVE-2023-6859, CVE-2023-6860, CVE-2023-6861, CVE-2023-6862, CVE-2023-6863, CVE-2023-6864
    § Wireshark 4.0.12
    § WIRES40-240103, QWIRES4012EXE & QWIRES4012MSI
    § Fixes 2 Vulnerabilities: CVE-2024-0208, CVE-2024-0209
    § Wireshark 4.2.1
    § WIRES42-240103, QWIRES421EXE & QWIRES421MSI
    § Fixes 5 Vulnerabilities: CVE-2024-0207, CVE-2024-0208, CVE-2024-0209, CVE-2024-0210, CVE-2024-0211
  • 32. Apple Release Summary
    § Security Updates (with CVEs): Apple macOS Sonoma (1), Google Chrome (2), Firefox (1), Firefox ESR (1), Microsoft Edge (2), Thunderbird (1)
    § Security Updates (w/o CVEs): None
    § Non-Security Updates: Adobe Acrobat DC and Acrobat Reader DC (1), Brave (2), draw.io (3), Dropbox (2), Eclipse IDE Java for Mac (1), Evernote (1), Grammarly (5), HandBrake (1), IntelliJ IDEA (1), Microsoft Edge (2), Parallels Desktop (1), Safari for Ventura (1), Safari for Monterey (1), Skype (1), Slack (1), Microsoft Teams (Mac) (1), Zoom Client for Mac (2)
  • 33. Apple Updates CVE Information
    § macOS Sonoma 14.2.1
    § HT214048
    § Fixes 1 Vulnerability
  • 34. Apple Third Party CVE Information
    § Google Chrome 120.0.6099.129
    § CHROMEMAC-231220
    § Fixes 1 Vulnerability: CVE-2023-7024
    § Google Chrome 120.0.6099.199
    § CHROMEMAC-240103
    § Fixes 5 Vulnerabilities: CVE-2023-7024, CVE-2024-0222, CVE-2024-0223, CVE-2024-0224, CVE-2024-0225
    § Firefox 121.0
    § FF-231219
    § Fixes 18 Vulnerabilities: CVE-2023-6135, CVE-2023-6856, CVE-2023-6857, CVE-2023-6858, CVE-2023-6859, CVE-2023-6860, CVE-2023-6861, CVE-2023-6863, CVE-2023-6864, CVE-2023-6865, CVE-2023-6866, CVE-2023-6867, CVE-2023-6868, CVE-2023-6869, CVE-2023-6870, CVE-2023-6871, CVE-2023-6872, CVE-2023-6873
  • 35. Apple Third Party CVE Information (cont)
    § Firefox ESR 115.6.0
    § FFE115-231219
    § Fixes 11 Vulnerabilities: CVE-2023-6856, CVE-2023-6857, CVE-2023-6858, CVE-2023-6859, CVE-2023-6860, CVE-2023-6861, CVE-2023-6862, CVE-2023-6863, CVE-2023-6864, CVE-2023-6865, CVE-2023-6867
    § Microsoft Edge 120.0.2210.77
    § MEDGEMAC-231215
    § Fixes 1 Vulnerability: CVE-2023-36878
    § Microsoft Edge 120.0.2210.91
    § MEDGEMAC-231221
    § Fixes 1 Vulnerability: CVE-2023-7024
  • 36. Apple Third Party CVE Information (cont)
    § Thunderbird 115.6.0
    § TB-231219
    § Fixes 11 Vulnerabilities: CVE-2023-50761, CVE-2023-50762, CVE-2023-6856, CVE-2023-6857, CVE-2023-6858, CVE-2023-6859, CVE-2023-6860, CVE-2023-6861, CVE-2023-6862, CVE-2023-6863, CVE-2023-6864
  • 37. Q & A
  • 38. Thank You!
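
Slides 8 to 10 give upstream kernel version ranges, and slides 9 and 10 note that blocking the `tls` or `xt_osf` module only helps when that code is built as a loadable module. The following shell functions are an added example, not part of the Ivanti or TuxCare material, that turn those statements into a first-pass host triage. The function names are hypothetical, and `CONFIG_TLS` and `CONFIG_NETFILTER_XT_MATCH_OSF` are assumed to be the Kconfig symbols behind the two modules.

```shell
#!/bin/sh
# Added example: first-pass triage for the three kernel CVEs on slides 8-10.
# Ranges are the upstream ranges quoted on the slides; distribution kernels
# backport fixes, so confirm any "in-range" verdict against the vendor advisory.

# kver_num "5.15.0-91-generic" -> 5015000 (major*1000000 + minor*1000 + patch)
kver_num() {
    v=$(printf '%s' "$1" | sed 's/[^0-9.].*$//')   # drop "-91-generic" etc.
    old_ifs=$IFS; IFS=.
    set -- $v
    IFS=$old_ifs
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# in_range VERSION LOW HIGH: succeeds when LOW <= VERSION < HIGH.
in_range() {
    n=$(kver_num "$1")
    [ "$n" -ge "$(kver_num "$2")" ] && [ "$n" -lt "$(kver_num "$3")" ]
}

# module_state SYMBOL CONFIG_FILE -> module | builtin | absent
module_state() {
    case $(grep -E "^$1=[ym]$" "$2" 2>/dev/null || true) in
        *=m) echo module ;;
        *=y) echo builtin ;;
        *)   echo absent ;;
    esac
}

# triage CVE KERNEL_RELEASE CONFIG_FILE -> one-word verdict
triage() {
    case $1 in
        # slide 8: affected since 4.12, fixed in 6.1.47, no module mitigation listed
        CVE-2023-4622)  low=4.12 high=6.1.47 sym= mod= ;;
        # slide 9: 4.13 up to and including 6.2.7, hence exclusive bound 6.2.8
        CVE-2023-28466) low=4.13 high=6.2.8 sym=CONFIG_TLS mod=tls ;;
        # slide 10: up to but excluding 6.6; the slide gives no lower bound
        CVE-2023-39189) low=0 high=6.6 sym=CONFIG_NETFILTER_XT_MATCH_OSF mod=xt_osf ;;
        *) echo "unknown"; return 0 ;;
    esac
    if ! in_range "$2" "$low" "$high"; then
        echo "not-in-range"; return 0
    fi
    [ -z "$sym" ] && { echo "in-range:patch-only"; return 0; }
    case $(module_state "$sym" "$3") in
        module)  echo "in-range:block-module:$mod" ;;
        builtin) echo "in-range:patch-only" ;;        # built-in code cannot be blocked
        absent)  echo "in-range:feature-not-built" ;;
    esac
}

# modprobe_conf MODULE -> contents for a file under /etc/modprobe.d/.
# "blacklist" only stops alias-based autoloading; the "install" line also
# makes an explicit "modprobe MODULE" fail.
modprobe_conf() {
    printf 'blacklist %s\ninstall %s /bin/false\n' "$1" "$1"
}

# Demo on constructed input (not taken from a real host).
demo() {
    cfg=$(mktemp)
    printf 'CONFIG_TLS=m\nCONFIG_NETFILTER_XT_MATCH_OSF=y\n' > "$cfg"
    for cve in CVE-2023-4622 CVE-2023-28466 CVE-2023-39189; do
        printf '%s %s\n' "$cve" "$(triage "$cve" 5.15.0-91-generic "$cfg")"
    done
    rm -f "$cfg"
}
demo
```

On a real host, pass `$(uname -r)` and the kernel config file (commonly `/boot/config-$(uname -r)`, which varies by distribution) to `triage`. A `block-module` verdict is the only case where the slide's module mitigation applies; every other in-range verdict needs the patched kernel.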