For January 2024 Patch Tuesday, Microsoft has released fixes for 49 CVE-numbered vulnerabilities, two of which are critical: CVE-2024-20674 and CVE-2024-20700. None of the vulnerabilities fixed this time aroundare under active exploitation or have been previously publicly disclosed. The critical fixes (CVE-2024-20674, CVE-2024-20700) CVE-2024-20674 is a security feature bypass vulnerability that may allow attackers to impersonate Windows’ Kerberos server. “An unauthenticated attacker could exploit this vulnerability by establishing a machine-in-the-middle (MITM) attack or other local … More

The post Microsoft fixes critical flaws in Windows Kerberos, Hyper-V (CVE-2024-20674, CVE-2024-20700) appeared first on Help Net Security.