These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:
CVE-2024-0056
· Title: Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability
· Version: 1.1
· Reason for revision: Corrected Download and Article links in the Security Updates table. This is an informational change only.
· Originally released: January 9, 2024
· Last updated: January 12, 2024
· Aggregate CVE Severity Rating: Important
CVE-2024-0057
· Title: NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability
· Version: 2.0
· Reason for revision: Revised the Security Updates table as follows: Added PowerShell 7.2, PowerShell 7.3, and PowerShell 7.4 because these versions of PowerShell 7 are affected by this vulnerability. See [https://github.com/PowerShell/Annou...ithub.com/PowerShell/Announcements/issues/72) for more information. Corrected Download and Article links for .NET Framework 3.5 and 4.8.1 installed on Windows 10 version 22H2.
· Originally released: January 9, 2024
· Last updated: January 12, 2024
· Aggregate CVE Severity Rating: Important
CVE-2024-0057
· Title: NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability
· Version: 2.1
· Reason for revision: Corrected Download and Article links in the Security Updates table. This is an informational change only.
· Originally released: January 9, 2024
· Last updated: January 16, 2024
· Aggregate CVE Severity Rating: Important
CVE-2024-20677
· Title: Microsoft Office Remote Code Execution Vulnerability
· Version: 1.1
· Reason for revision: Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
· Originally released: January 9, 2024
· Last updated: January 16, 2024
· Aggregate CVE Severity Rating: Important
CVE-2024-21312
· Title: .NET Framework Denial of Service Vulnerability
· Version: 1.1
· Reason for revision: Corrected Download and Article links in the Security Updates table. This is an informational change only.
· Originally released: January 9, 2024
· Last updated: January 12, 2024
· Aggregate CVE Severity Rating: Important
CVE-2024-21337
· Title: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
· Version: 1.0
· Reason for revision: Information published.
· Originally released: January 11, 2024
· Last updated: January 11, 2024
· Aggregate CVE Severity Rating: Moderate
CVEs have been published or revised in the Security Update Guide January 16, 2024
+63Daniel - Microsoft MVP Consumer Security (2012-2016) Windows 10 Pro x64 for Workstations 22H2 on my Alienware 17R2 and Alienware 17R5 Laptops with Webroot SecureAnywhere Complete Beta Tester for PC & Android Moto G9 Plus OS 11. "Take Them to the Train Station" ¯\_(ツ)_/¯
+5Thanks for the list.
"The only problem with troubleshooting is that sometimes trouble shoots back!"
1 person likes this
Reply
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.