New year, new updates for security holes in Windows, Adobe, Android and more

Microsoft rang in the New Year with a relatively calm Patch Tuesday: just 49 Windows security updates, including fixes for two critical-rated bugs, plus four high-severity Chrome flaws in Microsoft Edge.
"And while it's listed as exploitation less likely, because Hyper-V runs as the highest privileges in a computer, it is worth thinking about patching," Ben McCarthy, lead cyber security engineer at Immersive Labs, told The Register.
SAP issued 12 new and updated patches, including three HotNews Notes and four High Priority Notes.
One of the new HotNews Notes, #3413475, addresses an escalation of privileges vulnerability in SAP Edge Integration Cell due to CVE-2023-49583 and CVE-2023-50422.
The bugs are tracked as CVE-2023-20193 and CVE-2023-20194, and only the latter has a patch.
Google's January Security Bulletin for Android addresses 59 CVEs, but none of these appear to have been found and exploited by criminals prior to the patches.
News URL
https://go.theregister.com/feed/www.theregister.com/2024/01/09/january_patch_tuesday/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-12 | CVE-2023-50422 | Unspecified vulnerability in SAP Cloud-Security-Services-Integration-Library. SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) - versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an escalation of privileges. | 9.8 |
2023-12-12 | CVE-2023-49583 | Unspecified vulnerability in SAP @Sap/XSSec. SAP BTP Security Services Integration Library ([Node.js] @sap/xssec) - versions < 3.6.0, allow under certain conditions an escalation of privileges. | 9.8 |
2023-09-07 | CVE-2023-20194 | Improper Privilege Management vulnerability in Cisco Identity Services Engine. A vulnerability in the ERS API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. | 4.9 |
2023-09-07 | CVE-2023-20193 | Improper Privilege Management vulnerability in Cisco Identity Services Engine. A vulnerability in the Embedded Service Router (ESR) of Cisco ISE could allow an authenticated, local attacker to read, write, or delete arbitrary files on the underlying operating system and escalate their privileges to root. | 6.7 |