The software giant said it classified two of these vulnerabilities as critical (a Windows Kerberos security bypass and remote code execution in Hyper-V). The patch includes fixes for 10 elevation of privilege vulnerabilities, 12 remote code execution vulnerabilities, 11 information disclosure vulnerabilities, 6 denial of service (DoS) vulnerabilities, and more.
New update helps patch many security vulnerabilities in Microsoft products
While the January security patch does not contain fixes for vulnerabilities that are actively being exploited by attackers, some are particularly notable, including CVE-2024-20674, which allows the Windows Kerberos security feature to be bypassed (critical); CVE-2024-20700 in the Hyper-V hardware virtualization system, which can be exploited to execute remote code on the system (critical); and CVE-2024-20677 in Microsoft Office, which allows remote code execution using specially crafted malicious Office documents that contain 3D FBX models. To address the Office issue, Microsoft has disabled the ability to insert FBX files into Word, Excel, PowerPoint, and Outlook for Windows and macOS.
Users can find the list of fixed vulnerabilities on Microsoft's official website. In addition, the software giant has started distributing cumulative updates for Windows 11 (KB5034123) and Windows 10 (KB5034122).
For Windows devices with multiple monitors, users may experience issues when using the Copilot AI virtual assistant (in preview) with shortcuts suddenly switching between screens or being misaligned. The developers plan to release a patch to address this. Additionally, there is currently no support for Copilot in preview versions of Windows when the taskbar is positioned vertically. To access Copilot, users must ensure the taskbar is positioned horizontally at the bottom or top of the workspace.