CVE-2024-20674

Vulnerability updated a year ago (2024-11-29T14:26:24.544Z)

Download STIX

Preview STIX

CVE-2024-20674 is a critical vulnerability identified as a Windows Kerberos Security Feature Bypass. This flaw in software design or implementation potentially allows attackers to impersonate the Windows' Kerberos server, posing a significant security risk. The vulnerability was one of two severe issues addressed by Microsoft, the other being an RCE (Remote Code Execution) affecting Hyper-V, identified as CVE-2024-20700. These vulnerabilities were part of a larger set of issues addressed in Microsoft's January 2024 Patch Tuesday. In total, the patch included fixes for 49 vulnerabilities, with CVE-2024-20674 and CVE-2024-20700 standing out due to their high severity ratings. The comprehensive update aimed at fortifying the security of Microsoft's products and protecting users from potential exploits. Microsoft's swift response to these vulnerabilities underscores the company's commitment to security. The fixes for these critical flaws, including the Windows Kerberos Security Feature Bypass (CVE-2024-20674) and the RCE affecting Hyper-V (CVE-2024-20700), were promptly released and widely publicized, ensuring that users could take immediate action to secure their systems. Users are strongly advised to apply these updates to safeguard their systems from potential attacks.

Description last updated: 2024-05-04T23:29:01.404Z

What's your take? (Question 1 of 1)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Vulnerability

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Vulnerabilities

To see the evidence that has resulted in these vulnerability associations, create a free account

Alias Description	Association Type	Votes
The CVE-2024-20700 Vulnerability is associated with CVE-2024-20674. CVE-2024-20700 is a critical vulnerability identified in Microsoft's Windows Hyper-V subsystem. This flaw in software design or implementation allows for remote code execution (RCE), enabling an attacker to execute arbitrary code on the victim's system without their knowledge or consent. Additionall	Unspecified	2

Source Document References

Information about the CVE-2024-20674 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Malwarebytes	2 years ago	Patch now! First patch Tuesday of 2024 is here
CERT-EU	2 years ago	Kaspersky Threats — KLA62827
CERT-EU	2 years ago	15th January – Threat Intelligence Report \| #ransomware \| #cybercrime \| National Cyber Security Consulting
Checkpoint	2 years ago	15th January – Threat Intelligence Report - Check Point Research
CERT-EU	2 years ago	Cyber Security Week In Review: January 12, 2024
BankInfoSecurity	2 years ago	Breach Roundup: FTC Bans Data Broker From Sharing Locations
CERT-EU	2 years ago	Microsoft’s January 2024 Patch Tuesday Addresses 49 Vulnerabilities, Including Two Critical Vulnerabilities
CERT-EU	2 years ago	Microsoft Releases 49 Fixes for First Patch Tuesday of 2024 -- Redmondmag.com
CERT-EU	2 years ago	Microsoft fixes 48 bugs in January Patch Tuesday, none of them zero-days
CERT-EU	2 years ago	Microsoft's January 2024 Patch Tuesday comes with fixes for nearly 50 bugs
InfoSecurity-magazine	2 years ago	Microsoft Fixes 12 RCE Bugs in January Patch Tuesday
CERT-EU	2 years ago	Microsoft's calm start to 2024: January Patch Tuesday addresses 49 bugs
CERT-EU	2 years ago	Patch Tuesday Update - January 2024
CERT-EU	2 years ago	January Patch Tuesday: New year, more Windows bugs
CERT-EU	2 years ago	Microsoft fixes critical flaws in Windows Kerberos, Hyper-V (CVE-2024-20674, CVE-2024-20700)
SANS ISC	2 years ago	Microsoft January 2024 Patch Tuesday - SANS Internet Storm Center
Securityaffairs	2 years ago	Microsoft Patch Tuesday for January 2024 fixed 2 critical flaws
CERT-EU	2 years ago	Microsoft starts off new year with relatively light Patch Tuesday, no zero-days
CERT-EU	2 years ago	Microsoft fixes critical flaws in Windows Kerberos, Hyper-V (CVE-2024-20674, CVE-2024-20700) - Help Net Security
CERT-EU	2 years ago	Microsoft Patch Tuesday, January 2024 Security Update Review \| Qualys Security Blog