Security News > 2024 > January > New year, new updates for security holes in Windows, Adobe, Android and more
Patch Tuesday Microsoft rang in the New Year with a relatively calm Patch Tuesday: Just 49 Windows security updates including fixes for two critical-rated bugs, plus four high-severity Chrome flaws in Microsoft Edge.
"And while it's listed as exploitation less likely, because Hyper-V runs as the highest privileges in a computer, it is worth thinking about patching," Ben McCarthy, lead cyber security engineer at Immersive Labs told The Register.
SAP issued 12 new and updated patches, including three HotNews Notes and four High Priority Notes.
One of the new HotNews Notes, #3413475, addresses an escalation of privileges vulnerability in SAP Edge Integration Cell due to CVE-2023-49583 and CVE-2023-50422.
The bugs are tracked as CVE-2023-20193 and CVE-2023-20194 and only the latter has a patch.
Google's January Security Bulletin for Android addresses 59 CVEs, but none of these appear to have been found and exploited by criminals prior to the patches.
News URL
https://go.theregister.com/feed/www.theregister.com/2024/01/09/january_patch_tuesday/
Related news
- Windows 10 KB5044273 update released with 9 fixes, security updates (source)
- Windows 11 KB5043145 update released with 13 changes and fixes (source)
- Windows 11 KB5043145 update causes reboot loops, blue screens (source)
- What Is Inside Microsoft’s Major Windows 11 Update? (source)
- Windows 11 KB5044284 and KB5044285 cumulative updates released (source)
- Microsoft fixes Remote Desktop issues caused by Windows Server update (source)
- Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the Wild (source)
- Android 15 unveils new security features to protect sensitive data (source)
- Windows 10 KB5045594 update fixes multi-function printer bugs (source)
- Windows 11 KB5044380 preview update lets you remap the Copilot key (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-12 | CVE-2023-50422 | Exposed Dangerous Method or Function vulnerability in SAP Cloud-Security-Services-Integration-Library SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) - versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an escalation of privileges. | 9.8 |
| 2023-12-12 | CVE-2023-49583 | Exposed Dangerous Method or Function vulnerability in SAP @Sap/XSSec SAP BTP Security Services Integration Library ([Node.js] @sap/xssec - versions < 3.6.0, allow under certain conditions an escalation of privileges. | 9.8 |
| 2023-09-07 | CVE-2023-20194 | Improper Privilege Management vulnerability in Cisco Identity Services Engine A vulnerability in the ERS API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. | 4.9 |
| 2023-09-07 | CVE-2023-20193 | Improper Privilege Management vulnerability in Cisco Identity Services Engine A vulnerability in the Embedded Service Router (ESR) of Cisco ISE could allow an authenticated, local attacker to read, write, or delete arbitrary files on the underlying operating system and escalate their privileges to root. | 6.7 |