Last year, cybersecurity became a top priority for organizations worldwide, as evidenced by the record-breaking number of security vulnerabilities discovered and addressed by top software vendors like Microsoft. As we enter the new year, it is crucial to stay vigilant and ensure that your systems are protected against potential threats. Today, Microsoft announced that a total of 49 security vulnerabilities have been fixed on the first patch for this year. This month, 2 vulnerabilities have been classified as critical. The two critical vulnerabilities are security functions related to Windows Kerberos. They are
- Bypass vulnerability CVE-2024-20674
- Windows Hyper-V remote code execution vulnerability CVE-2024-20700.
CVE-2024-20674
The Windows Kerberos vulnerability “CVE-2024-20674” has a CVSS score of 9 and is said to be “the most risky security vulnerability this year. ” This vulnerability allows hackers to launch man-in-the-middle attacks. Hackers can forge Kerberos authentication servers to deceive the device user authentication system. With this, the hackers can obtain file management rights of the victim’s device.
CVE-2024-20700
The “CVE-2024-20700” vulnerability in Windows Hyper-V has a CVSS risk of 7.5. Microsoft has not released detailed information about the vulnerability. However, software engineers from security company Rapid 7 claim that hackers need to go through complex operations to exploit this vulnerability. Therefore the rating is relatively low.
CVE-2024-0056
In addition, Rapid 7 also specifically named the CVE-2024-0056 vulnerability. This issue is only listed as “Important” but has a CVSS risk score of 8.7. This is a “program security feature bypass vulnerability” related to Microsoft.Data.SqlClient and System.Data.SqlClient. It allows hackers to bypass the client-side and server-side encryption mechanisms and then crack and modify TLS traffic.
Gizchina News of the week
Significance of Security Patches
Security patches are essential for addressing security vulnerabilities in software and applications. These vulnerabilities, if exploited, can lead to unauthorized access, data theft, and other malicious activities. By releasing regular updates, software vendors like Microsoft ensure that their users are protected against the latest threats and exploits. These patches not only fix the vulnerabilities but also help users maintain their digital security and privacy.
Regular security updates are crucial for maintaining the security of your systems and ensuring that you are protected against the latest threats. By installing these updates, you can prevent unauthorized access, data theft, and other malicious activities. It is essential to keep your software and applications up-to-date to ensure that you are protected against the most recent security vulnerabilities.
Record-breaking security Patches last year
Last year, there were numerous security vulnerabilities discovered and addressed by Microsoft. Some of the most notable patches include:
Windows and Exchange Servers: A total of 64 patches addressing security vulnerabilities across various products, including Windows, Azure, Exchange Server, and Office. These patches fixed critical and actively exploited vulnerabilities, such as remote code execution vulnerabilities in Windows Scripting Languages (CVE-2023-36895) and the elevation of privilege vulnerabilities in Windows Print Spooler (CVE-2023-36895).
Now, the company is starting the new year with a fix for 49 vulnerabilities. This shows Microsoft’s commitment to keeping its system very safe and ensuring user data are safe.
Conclusion
It is more important than ever to stay vigilant and ensure that your systems are protected against potential threats. By understanding the importance of security patches and regularly updating your software, you can mitigate the risks associated with known vulnerabilities and maintain a safer digital environment. Also, remember to always keep your software and applications up-to-date. In addition, follow best practices for cybersecurity to protect your organization and personal information.
Author Bio
Efe Udin is a seasoned tech writer with over seven years of experience. He covers a wide range of topics in the tech industry from industry politics to mobile phone performance. From mobile phones to tablets, Efe has also kept a keen eye on the latest advancements and trends. He provides insightful analysis and reviews to inform and educate readers. Efe is very passionate about tech and covers interesting stories as well as offers solutions where possible.