Microsoft released its January security update package as part of its Patch Tuesday program. The package includes fixes for 49 vulnerabilities across the company’s various products.
The software giant said two of these vulnerabilities are classified as critical (a Windows Kerberos security feature bypass and remote code execution in Hyper-V). The patch includes fixes for 10 elevation of privilege vulnerabilities, 12 remote code execution vulnerabilities, 11 information disclosure vulnerabilities, and 6 denial of service (DoS) vulnerabilities, among others.
While the January security patch does not contain fixes for vulnerabilities that are being actively exploited by attackers, some stand out. CVE-2024-20674 allows the Windows Kerberos security feature to be bypassed (critical). CVE-2024-20700 in the Hyper-V hardware virtualization system can be exploited to remotely execute code on the system (critical). CVE-2024-20677 in Microsoft Office allows remote code execution using specially crafted malicious Office documents containing FBX 3D models. To resolve this issue, Microsoft has disabled the ability to insert FBX files into Word, Excel, PowerPoint, and Outlook for Windows and macOS.
Users can find the list of fixed vulnerabilities on Microsoft’s official website. The software giant has also started distributing cumulative updates for Windows 11 (KB5034123) and Windows 10 (KB5034122).
On Windows devices that use multiple screens, users may experience issues when using the Copilot AI virtual assistant (in preview), with shortcuts suddenly switching between screens or becoming misaligned. The developers plan to release a patch to resolve this situation. Additionally, Copilot in preview versions of Windows is currently not supported when the taskbar is placed vertically. To access Copilot, users must ensure the taskbar is placed horizontally at the bottom or top of the workspace.