The January 2024 Patch Tuesday has recently passed, and Microsoft rolled out a relatively light release that addresses 39 CVEs in Windows 10 and 35 in Windows 11. Surprisingly, there were no zero-day vulnerabilities from Microsoft to start the new year. However, the absence of updates for Office 2013 and Office 2016 is noticeable, with only the online, click-to-run versions receiving a single-CVE update.
Furthermore, a preview of the new server, Microsoft Server 2025, has been made available to the public through the Windows Server Insider Channel. This new server is expected to be generally available in the fall, with significant features including the ability to subscribe as needed through Azure Arc, updates to Active Directory storage and security, communication security updates with SMB over Quick UDP (QUIC), and the introduction of hotpatching, which enables real-time updates to the running system in memory without the need for an immediate reboot.
Following the Patch Tuesday release, zero-day announcements and software releases from Apple, Google, Ivanti, and Microsoft have been making waves. Apple released updates for all operating systems and Safari 17.3 for macOS Monterey and Ventura, addressing CVE-2024-23222, in which maliciously crafted web content can lead to arbitrary code execution. Google also released Stable Channel updates addressing CVE-2024-0519, which is known to be exploited in the wild. Microsoft, on the other hand, reported a zero-day vulnerability called EventLogCrasher for all versions of Windows, posing a potential threat to the event logging service.
In addition, Microsoft released their monthly non-security preview patch for Windows 10 22H2, Windows 11 22H2, and Windows 11 23H2 on January 23, with important information regarding the future release of optional, non-security preview updates for Windows 11, version 22H2.
Moreover, Ivanti has released patches for five CVEs affecting their Ivanti Connect Secure, Ivanti Policy Secure, and ZTA gateways, three of which have been exploited in the wild.
Looking ahead, the forecast for the February 2024 Patch Tuesday anticipates new releases from Microsoft, as well as potential updates for Adobe Acrobat and Reader, Chrome Beta for Desktop, and Mozilla Firefox and Thunderbird.
Overall, it is important for users to remain vigilant and prioritize the installation of zero-day updates, given their potential impact on system security. With an increase in the number of patches expected on Patch Tuesday, it’s essential to stay updated with the latest security releases and ensure the protection of systems against potential vulnerabilities. After all the security updates, users are reminded that Valentine’s Day is approaching.
