pds-it
['Blog post','no']
Microsoft Technology
Blog

Patchday January 2024: Microsoft delivers first patches of the year

Contents

    With the January 2024 Patchday, Microsoft is continuing its tradition of releasing security updates and enhancements for its programs every second Tuesday of the month. With the first patches of the year, Microsoft is taking it easy for the time being and limiting itself to security updates. New functions will probably be available again next month.

    Microsoft closes two critical and four highly rated vulnerabilities on Patchday January 2024

    Microsoft is always keen to close the most dangerous vulnerabilities. The Common Vulnerability Scoring System serves as a guide here. This system classifies bugs and security risks on a scale of 1 to 10 using the CVSS score. The higher the CVSS score, the more dangerous the bug. During the January 2024 patchday, Microsoft was able to remove two security risks that achieved a critical rating on the CVSS scale.

    The highest CVSS score of an even 9 was achieved by a bug in the Kerberos authentication protocol. Bugs in authentication are particularly dangerous because they can directly affect the authentication data. The bug in question enabled hackers to launch a man-in-the-middle attack. After the January 2024 patchday, authentication should be secure again.

    Another critical bug with a CVSS score of 7.5 affected Microsoft Hyper-V. Cybercriminals were able to exploit this bug and did not even need any action from users to do so. This gap has been closed with the January 2024 patchday. Security vulnerabilities that hackers can access without the unwitting help of users open up particularly dangerous territory, as hackers can basically do anything in the backend to manipulate software.

    During the January 2024 patchday, Microsoft also fixed four bugs that were classified as "high" on the CVSS scale. Nothing else is known about these patches, except that they affect the use of Google Chrome under Windows. It should be safe to use with the patches.

    Further security updates on the January 2024 patchday

    Microsoft has provided a total of over 50 bug fixes in the January 2024 patchday. To keep your system secure at all times, you must update Windows. All patches are included in the latest updates.

    Microsoft has highlighted two particular bugs and even provided a separate link to information.

    The bugs affect the clients Microsoft.Data.SqlClient and System.Data.SqlClient and occur in older versions. As usual, you should therefore also use the latest versions here to be on the safe side.

    The secure version of Microsoft.Data.SqlClient is version 3.1.5.

    The secure version of System.Data.SqlClient is version 4.8.6.

    Under the link you will find all the information you need to get the latest versions. Here is the link again.

    Stay safe in Microsoft applications with skill it

    In our seminars on Microsoft technology security, you will learn how to use the various Microsoft applications securely. In our course Microsoft Security, Compliance, and Identity Fundamentals you will learn the basics of security in Microsoft cloud-based solutions.

    Our four-day training Microsoft Cybersecurity Architect on the other hand, is aimed at more experienced IT professionals. You will learn how to develop and implement security strategies. In a total of ten modules, you will receive a detailed overview of the possibilities, develop solutions and implement them in practical exercises.

    Author
    Kia Figge
    As the founder of Textflamme, Kia has been writing for companies from all industries for over 10 years. She has written texts for countless websites and blogs and feels at home in the field of information technology.