Security News > 2024 > January > New year, new updates for security holes in Windows, Adobe, Android and more
Patch Tuesday Microsoft rang in the New Year with a relatively calm Patch Tuesday: Just 49 Windows security updates including fixes for two critical-rated bugs, plus four high-severity Chrome flaws in Microsoft Edge.
"And while it's listed as exploitation less likely, because Hyper-V runs as the highest privileges in a computer, it is worth thinking about patching," Ben McCarthy, lead cyber security engineer at Immersive Labs told The Register.
SAP issued 12 new and updated patches, including three HotNews Notes and four High Priority Notes.
One of the new HotNews Notes, #3413475, addresses an escalation of privileges vulnerability in SAP Edge Integration Cell due to CVE-2023-49583 and CVE-2023-50422.
The bugs are tracked as CVE-2023-20193 and CVE-2023-20194 and only the latter has a patch.
Google's January Security Bulletin for Android addresses 59 CVEs, but none of these appear to have been found and exploited by criminals prior to the patches.
News URL
https://go.theregister.com/feed/www.theregister.com/2024/01/09/january_patch_tuesday/
Related news
- Windows 11 installation media bug causes security update failures (source)
- Windows 11 Media Update Bug Stops Security Updates (source)
- Microsoft: January Windows security updates break audio playback (source)
- Update your OpenWrt router! Security issue made supply chain attack possible (source)
- Windows 11 KB5048667 & KB5048685 cumulative updates released (source)
- Windows 10 KB5048652 update fixes new motherboard activation bug (source)
- Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities (source)
- Vanir: Open-source security patch validation for Android (source)
- Windows 10 users urged to upgrade to avoid "security fiasco" (source)
- Security pros baited with fake Windows LDAP exploit traps (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-12 | CVE-2023-50422 | Unspecified vulnerability in SAP Cloud-Security-Services-Integration-Library SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) - versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an escalation of privileges. | 9.8 |
| 2023-12-12 | CVE-2023-49583 | Unspecified vulnerability in SAP @Sap/XSSec SAP BTP Security Services Integration Library ([Node.js] @sap/xssec - versions < 3.6.0, allow under certain conditions an escalation of privileges. | 9.8 |
| 2023-09-07 | CVE-2023-20194 | Improper Privilege Management vulnerability in Cisco Identity Services Engine A vulnerability in the ERS API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. | 4.9 |
| 2023-09-07 | CVE-2023-20193 | Improper Privilege Management vulnerability in Cisco Identity Services Engine A vulnerability in the Embedded Service Router (ESR) of Cisco ISE could allow an authenticated, local attacker to read, write, or delete arbitrary files on the underlying operating system and escalate their privileges to root. | 6.7 |