Site icon Sophos News

2024’s first Patch Tuesday steps lightly

January isn’t traditionally the lightest month on patch managers’ calendars, so a second month of (relatively) few Microsoft releases is a bit of a treat. On Tuesday the company released 48 CVEs, including 38 for Windows. Eight other product groups or tools are also affected. Of the CVEs addressed, just two are considered Critical in severity by Microsoft; both affect Windows.

At patch time, none of the issues are known to be under exploit in the wild, and none have been publicly disclosed. However, nine of the addressed vulnerabilities in Windows and SharePoint (including one of the Critical-severity CVEs, affecting Kerberos) are by the company’s estimation more likely to be exploited in the next 30 days. Four of those are amenable to detection by Sophos protections, and we include information on those in a table below.

In addition to the 48 patches the release included information on four Chrome CVEs (released last week) that affect Edge, and one MITRE-issued CVE touching the open-source database engine SQLite. (There are no Adobe offerings this month.) We don’t include those issues in the CVE counts and graphics below, but we provide information on everything in an appendix at the end of the article. We are as usual including at the end of this post three other appendices listing all Microsoft’s patches, sorted by severity, by predicted exploitability, and by product family.

By the numbers

Exit mobile version