January 2024 Patch Tuesday: Comment from Satnam Narang, Senior Staff Research Engineer, Tenable

“This is the second straight Patch Tuesday with no zero-day vulnerabilities (either exploited or publicly disclosed) reported.

Microsoft patched CVE-2024-21318, a remote code execution vulnerability in Microsoft SharePoint Server. An authenticated attacker with Site Owner privileges could exploit this vulnerability, potentially obtaining access to highly sensitive files stored in this cloud-based server. Despite the authentication requirement, Microsoft says exploitation of this flaw is more likely. It is credited to researchers at STAR Labs SG Pte. Ltd. In September 2023, STAR Labs researchers published a blog post outlining successful chaining of two vulnerabilities in Microsoft SharePoint Server (CVE-2023-29357, CVE-2023-24955). Organizations that use SharePoint Server should apply these patches as soon as possible.

Microsoft also patched several elevation of privilege vulnerabilities across several products including Windows Clouds Files Mini Filter Driver (CVE-2024-21310), Common Log File System (CVE-2024-20653), Windows Kernel (CVE-2024-20698) and Win32k (CVE-2024-20683, CVE-2024-20686) that are rated as Exploitation More Likely. These bugs are commonly used as part of post-compromise activity, that is, once attackers have gained an initial foothold onto systems, they would use these vulnerabilities to elevate privileges outside the bounds of current privileges, which are often limited. There is a steady stream of these flaws patched each month, with some having been exploited in the wild as zero days. While much of the attention is paid to vulnerabilities marked as critical, such as remote code execution bugs or vulnerabilities with CVSS scores above 9, these serve as a reminder of the importance of patching vulnerabilities that are more likely to be exploited by attackers.” – Satnam Narang, senior staff research engineer, Tenable