Security News > 2024 > January > Microsoft January 2024 Patch Tuesday fixes 49 flaws, 12 RCE bugs

Microsoft January 2024 Patch Tuesday fixes 49 flaws, 12 RCE bugs
2024-01-09 19:05

Today is Microsoft's January 2024 Patch Tuesday, which includes security updates for a total of 49 flaws and 12 remote code execution vulnerabilities.

The total count of 49 flaws does not include 4 Microsoft Edge flaws fixed on January 5th. To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5034123 cumulative update.

Microsoft fixes an Office Remote Code Execution Vulnerability tracked as CVE-2024-20677 that allows threat actors to create maliciously crafted Office documents with embedded FBX 3D model files to perform remote code execution.

"A security vulnerability exists in FBX that could lead to remote code execution. To mitigate this vulnerability, the ability to insert FBX files has been disabled in Word, Excel, PowerPoint and Outlook for Windows and Mac," explains Microsoft security bulletin.

"Versions of Office that had this feature enabled will no longer have access to it. This includes Office 2019, Office 2021, Office LTSC for Mac 2021, and Microsoft 365.".

Below is the complete list of resolved vulnerabilities in the January 2023 Patch Tuesday updates.


News URL

https://www.bleepingcomputer.com/news/microsoft/microsoft-january-2024-patch-tuesday-fixes-49-flaws-12-rce-bugs/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-01-09 CVE-2024-20677 Unspecified vulnerability in Microsoft products
A security vulnerability exists in FBX that could lead to remote code execution.
0.0

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 365 50 1369 2819 161 4399