Security News > 2024 > January > Microsoft January 2024 Patch Tuesday fixes 49 flaws, 12 RCE bugs
Today is Microsoft's January 2024 Patch Tuesday, which includes security updates for a total of 49 flaws and 12 remote code execution vulnerabilities.
The total count of 49 flaws does not include 4 Microsoft Edge flaws fixed on January 5th. To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5034123 cumulative update.
Microsoft fixes an Office Remote Code Execution Vulnerability tracked as CVE-2024-20677 that allows threat actors to create maliciously crafted Office documents with embedded FBX 3D model files to perform remote code execution.
"A security vulnerability exists in FBX that could lead to remote code execution. To mitigate this vulnerability, the ability to insert FBX files has been disabled in Word, Excel, PowerPoint and Outlook for Windows and Mac," explains Microsoft security bulletin.
"Versions of Office that had this feature enabled will no longer have access to it. This includes Office 2019, Office 2021, Office LTSC for Mac 2021, and Microsoft 365.".
Below is the complete list of resolved vulnerabilities in the January 2023 Patch Tuesday updates.
News URL
Related news
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws (source)
- Microsoft slips Task Manager and processor count fixes into Patch Tuesday (source)
- Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws (source)
- Microsoft holds last Patch Tuesday of the year with 72 gifts for admins (source)
- Patch Tuesday: Microsoft Patches One Actively Exploited Vulnerability, Among Others (source)
- Microsoft SharePoint RCE bug exploited to breach corporate network (source)
- Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices (source)
- November 2024 Patch Tuesday forecast: New servers arrive early (source)
- Patch Tuesday: Four Critical Vulnerabilities Paved Over (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-09 | CVE-2024-20677 | Unspecified vulnerability in Microsoft products A security vulnerability exists in FBX that could lead to remote code execution. | 0.0 |