Microsoft rang in the New Year with a relatively calm Patch Tuesday: just 49 Windows security updates, including fixes for two critical-rated bugs, plus four high-severity Chrome flaws in Microsoft Edge.
None of the January CVEs are under active exploit, according to Redmond. Of the two critical vulnerabilities, CVE-2024-20674 received the highest CVSS severity rating. It’s a security feature bypass bug in Windows Kerberos, rated 9.0 out of 10.
“An unauthenticated attacker could exploit this vulnerability by establishing a machine-in-the-middle (MITM) attack or other local network spoofing technique, then sending a malicious Kerberos message to the client victim machine to spoof itself as the Kerberos authentication server,” Microsoft explained.