Security News > 2024 > January > New year, new updates for security holes in Windows, Adobe, Android and more
Patch Tuesday Microsoft rang in the New Year with a relatively calm Patch Tuesday: Just 49 Windows security updates including fixes for two critical-rated bugs, plus four high-severity Chrome flaws in Microsoft Edge.
"And while it's listed as exploitation less likely, because Hyper-V runs as the highest privileges in a computer, it is worth thinking about patching," Ben McCarthy, lead cyber security engineer at Immersive Labs told The Register.
SAP issued 12 new and updated patches, including three HotNews Notes and four High Priority Notes.
One of the new HotNews Notes, #3413475, addresses an escalation of privileges vulnerability in SAP Edge Integration Cell due to CVE-2023-49583 and CVE-2023-50422.
The bugs are tracked as CVE-2023-20193 and CVE-2023-20194 and only the latter has a patch.
Google's January Security Bulletin for Android addresses 59 CVEs, but none of these appear to have been found and exploited by criminals prior to the patches.
News URL
https://go.theregister.com/feed/www.theregister.com/2024/01/09/january_patch_tuesday/
Related news
- Windows 11 24H2: The hardware and software blocking the new update (source)
- Russia targets Ukrainian conscripts with Windows, Android malware (source)
- Windows 11 Task Manager says no apps are active after preview update (source)
- Microsoft says recent Windows 11 updates break SSH connections (source)
- Windows 11 KB5046617 and KB5046633 cumulative updates released (source)
- Windows 10 KB5046613 update released with fixes for printer bugs (source)
- Microsoft pulls Exchange security updates over mail delivery issues (source)
- AlmaLinux 9.5 released: Security updates, new packages, and more! (source)
- Microsoft plans to boot security vendors out of the Windows kernel (source)
- Microsoft announces new and improved Windows 11 security features (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-12 | CVE-2023-50422 | Unspecified vulnerability in SAP Cloud-Security-Services-Integration-Library SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) - versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an escalation of privileges. | 9.8 |
| 2023-12-12 | CVE-2023-49583 | Unspecified vulnerability in SAP @Sap/XSSec SAP BTP Security Services Integration Library ([Node.js] @sap/xssec - versions < 3.6.0, allow under certain conditions an escalation of privileges. | 9.8 |
| 2023-09-07 | CVE-2023-20194 | Improper Privilege Management vulnerability in Cisco Identity Services Engine A vulnerability in the ERS API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. | 4.9 |
| 2023-09-07 | CVE-2023-20193 | Improper Privilege Management vulnerability in Cisco Identity Services Engine A vulnerability in the Embedded Service Router (ESR) of Cisco ISE could allow an authenticated, local attacker to read, write, or delete arbitrary files on the underlying operating system and escalate their privileges to root. | 6.7 |