Microsoft Monthly Security Update (January 2024)

Microsoft has released monthly security update for their products:

[Updated on 2025-02-05]

CVE-2024-29059 vulnerability is being actively exploited. An attacker can use the exposed ObjRef URI in Microsoft .NET Framework to execute a network attack and allows them to enable remote code execution.

Vulnerable Product	Risk Level	Impacts	Notes
Windows	Medium Risk	Security Restriction Bypass Remote Code Execution Elevation of Privilege Information Disclosure Spoofing Denial of Service
Extended Security Updates (ESU)	Medium Risk	Security Restriction Bypass Remote Code Execution Elevation of Privilege Information Disclosure Denial of Service Spoofing
Microsoft Office	Medium Risk	Remote Code Execution
Azure	Medium Risk	Remote Code Execution Denial of Service
Mariner	Medium Risk	Remote Code Execution
Developer Tools	High Risk	Denial of Service Security Restriction Bypass Elevation of Privilege Information Disclosure	CVE-2024-29059 is being exploited in the wild. This  is a Microsoft .NET Framework information disclosure vulnerability that exposes the ObjRef URI to an attacker, ultimately enabling remote code execution.
SQL Server	Medium Risk	Security Restriction Bypass

Number of 'Extremely High Risk' product(s): 0

Number of 'High Risk' product(s): 1

Number of 'Medium Risk' product(s): 7

Number of 'Low Risk' product(s): 0

Evaluation of overall 'Risk Level': High Risk