Microsoft Monthly Security Update (January 2024)

Microsoft has released monthly security update for their products:

[Updated on 2025-02-05]

CVE-2024-29059 vulnerability is being actively exploited. An attacker can use the exposed ObjRef URI in Microsoft .NET Framework to execute a network attack and allows them to enable remote code execution.

Vulnerable Product	Risk Level	Impacts	Notes
Windows	Medium Risk	Security Restriction Bypass Remote Code Execution Elevation of Privilege Information Disclosure Spoofing Denial of Service
Extended Security Updates (ESU)	Medium Risk	Security Restriction Bypass Remote Code Execution Elevation of Privilege Information Disclosure Denial of Service Spoofing
Microsoft Office	Medium Risk	Remote Code Execution
Azure	Medium Risk	Remote Code Execution Denial of Service
Mariner	Medium Risk	Remote Code Execution
Developer Tools	High Risk	Denial of Service Security Restriction Bypass Elevation of Privilege Information Disclosure	CVE-2024-29059 is being exploited in the wild. This is a Microsoft .NET Framework information disclosure vulnerability that exposes the ObjRef URI to an attacker, ultimately enabling remote code execution.
SQL Server	Medium Risk	Security Restriction Bypass

Number of ‘Extremely High Risk’ product(s): 0

Number of ‘High Risk’ product(s): 1

Number of ‘Medium Risk’ product(s): 7

Number of ‘Low Risk’ product(s): 0

Evaluation of overall ‘Risk Level’: High Risk

RISK: High Risk

TYPE: Operating Systems – Windows OS

Impact

Remote Code Execution
Security Restriction Bypass
Elevation of Privilege
Denial of Service
Information Disclosure
Spoofing

System / Technologies affected

Windows
Extended Security Updates (ESU)
Microsoft Office
Azure
Mariner
Developer Tools
SQL Server

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor.

Vulnerability Identifier

https://www.cvedetails.com/vulnerability-list.php?vendor_id=26&year=2024&month=01

Source

Microsoft