CVE-2024-20674

Vulnerability updated a month ago (2024-11-29T14:26:24.544Z)

Download STIX

Preview STIX

CVE-2024-20674 is a critical vulnerability identified as a Windows Kerberos Security Feature Bypass. This flaw in software design or implementation potentially allows attackers to impersonate the Windows' Kerberos server, posing a significant security risk. The vulnerability was one of two severe issues addressed by Microsoft, the other being an RCE (Remote Code Execution) affecting Hyper-V, identified as CVE-2024-20700. These vulnerabilities were part of a larger set of issues addressed in Microsoft's January 2024 Patch Tuesday. In total, the patch included fixes for 49 vulnerabilities, with CVE-2024-20674 and CVE-2024-20700 standing out due to their high severity ratings. The comprehensive update aimed at fortifying the security of Microsoft's products and protecting users from potential exploits. Microsoft's swift response to these vulnerabilities underscores the company's commitment to security. The fixes for these critical flaws, including the Windows Kerberos Security Feature Bypass (CVE-2024-20674) and the RCE affecting Hyper-V (CVE-2024-20700), were promptly released and widely publicized, ensuring that users could take immediate action to secure their systems. Users are strongly advised to apply these updates to safeguard their systems from potential attacks.

Description last updated: 2024-05-04T23:29:01.404Z

What's your take? (Question 1 of 1)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Vulnerability

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Vulnerabilities

To see the evidence that has resulted in these vulnerability associations, create a free account

Alias Description	Association Type	Votes
The CVE-2024-20700 Vulnerability is associated with CVE-2024-20674. CVE-2024-20700 is a critical vulnerability identified in Microsoft's Windows Hyper-V subsystem. This flaw in software design or implementation allows for remote code execution (RCE), enabling an attacker to execute arbitrary code on the victim's system without their knowledge or consent. Additionall	Unspecified	2

Source Document References

Information about the CVE-2024-20674 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Malwarebytes	a year ago	Patch now! First patch Tuesday of 2024 is here
CERT-EU	a year ago	Kaspersky Threats — KLA62827
CERT-EU	a year ago	15th January – Threat Intelligence Report \| #ransomware \| #cybercrime \| National Cyber Security Consulting
Checkpoint	a year ago	15th January – Threat Intelligence Report - Check Point Research
CERT-EU	a year ago	Cyber Security Week In Review: January 12, 2024
BankInfoSecurity	a year ago	Breach Roundup: FTC Bans Data Broker From Sharing Locations
CERT-EU	a year ago	Microsoft’s January 2024 Patch Tuesday Addresses 49 Vulnerabilities, Including Two Critical Vulnerabilities
CERT-EU	a year ago	Microsoft Releases 49 Fixes for First Patch Tuesday of 2024 -- Redmondmag.com
CERT-EU	a year ago	Microsoft fixes 48 bugs in January Patch Tuesday, none of them zero-days
CERT-EU	a year ago	Microsoft's January 2024 Patch Tuesday comes with fixes for nearly 50 bugs
InfoSecurity-magazine	a year ago	Microsoft Fixes 12 RCE Bugs in January Patch Tuesday
CERT-EU	a year ago	Microsoft's calm start to 2024: January Patch Tuesday addresses 49 bugs
CERT-EU	a year ago	Patch Tuesday Update - January 2024
CERT-EU	a year ago	January Patch Tuesday: New year, more Windows bugs
CERT-EU	a year ago	Microsoft fixes critical flaws in Windows Kerberos, Hyper-V (CVE-2024-20674, CVE-2024-20700)
SANS ISC	a year ago	Microsoft January 2024 Patch Tuesday - SANS Internet Storm Center
Securityaffairs	a year ago	Microsoft Patch Tuesday for January 2024 fixed 2 critical flaws
CERT-EU	a year ago	Microsoft starts off new year with relatively light Patch Tuesday, no zero-days
CERT-EU	a year ago	Microsoft fixes critical flaws in Windows Kerberos, Hyper-V (CVE-2024-20674, CVE-2024-20700) - Help Net Security
CERT-EU	a year ago	Microsoft Patch Tuesday, January 2024 Security Update Review \| Qualys Security Blog