Security News > 2024 > January > New year, new updates for security holes in Windows, Adobe, Android and more
Patch Tuesday Microsoft rang in the New Year with a relatively calm Patch Tuesday: Just 49 Windows security updates including fixes for two critical-rated bugs, plus four high-severity Chrome flaws in Microsoft Edge.
"And while it's listed as exploitation less likely, because Hyper-V runs as the highest privileges in a computer, it is worth thinking about patching," Ben McCarthy, lead cyber security engineer at Immersive Labs told The Register.
SAP issued 12 new and updated patches, including three HotNews Notes and four High Priority Notes.
One of the new HotNews Notes, #3413475, addresses an escalation of privileges vulnerability in SAP Edge Integration Cell due to CVE-2023-49583 and CVE-2023-50422.
The bugs are tracked as CVE-2023-20193 and CVE-2023-20194 and only the latter has a patch.
Google's January Security Bulletin for Android addresses 59 CVEs, but none of these appear to have been found and exploited by criminals prior to the patches.
News URL
https://go.theregister.com/feed/www.theregister.com/2024/01/09/january_patch_tuesday/
Related news
- Microsoft confirms memory leak in March Windows Server security update (source)
- Microsoft is killing off the Android apps in Windows 11 feature (source)
- Windows 10 KB5001716 update fails with 0x80070643 errors, how to fix (source)
- Windows 10 KB5035845 update released with 9 new changes, fixes (source)
- Windows 11 KB5035853 update released, here's what's new (source)
- Windows KB5035849 update failing to install with 0xd000034 errors (source)
- New Windows Server updates cause domain controller crashes, reboots (source)
- Opera sees big jump in EU users on iOS, Android after DMA update (source)
- Windows 10 KB5035941 update released with lock screen widgets (source)
- Windows 11 KB5035942 update enables Moment 5 features for everyone (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-12 | CVE-2023-50422 | Improper Privilege Management vulnerability in SAP Cloud-Security-Services-Integration-Library SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) - versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an escalation of privileges. | 9.8 |
2023-12-12 | CVE-2023-49583 | Improper Privilege Management vulnerability in SAP @Sap/XSSec SAP BTP Security Services Integration Library ([Node.js] @sap/xssec - versions < 3.6.0, allow under certain conditions an escalation of privileges. | 9.8 |
2023-09-07 | CVE-2023-20194 | Improper Privilege Management vulnerability in Cisco Identity Services Engine A vulnerability in the ERS API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. | 4.9 |
2023-09-07 | CVE-2023-20193 | Improper Privilege Management vulnerability in Cisco Identity Services Engine A vulnerability in the Embedded Service Router (ESR) of Cisco ISE could allow an authenticated, local attacker to read, write, or delete arbitrary files on the underlying operating system and escalate their privileges to root. | 6.7 |