Critical Vulnerabilities in Mi... Note

Critical Vulnerabilities in Microsoft Windows Operating Systems

New vulnerabilities are continually emerging, and the best defense against attackers exploiting patched vulnerabilities is to keep software up to date. On January 14, 2020, Microsoft released software fixes to address 49 vulnerabilities as part of their monthly Patch Tuesday announcement. Among the vulnerabilities patched were critical weaknesses in Windows CryptoAPI, Windows Remote Desktop Gateway, and Windows Remote Desktop Client. An attacker could remotely exploit these vulnerabilities to decrypt, modify, or inject data on user connections. The CryptoAPI spoofing vulnerability, known as CVE-2020-0601, affects all machines running 32- or 64-bit Windows 10 operating systems, including Windows Server versions 2016 and 2019. The Windows RD Gateway and Windows Remote Desktop Client vulnerabilities, known as CVE-2020-0609, CVE-2020-0610, and CVE-2020-0611, affect Windows Server 2012 and newer, as well as Windows 7 and newer. The Cybersecurity and Infrastructure Security Agency strongly recommends organizations install these critical patches as soon as possible, prioritizing mission critical systems, internet-facing systems, and networked servers. A successful network intrusion can have severe impacts, including temporary or permanent loss of sensitive information, disruption to regular operations, and financial losses. The agency also recommends reviewing the Microsoft January 2020 Release Notes page and applying critical patches, as well as reviewing general guidance on patch management and cybersecurity practices.