Today Microsoft released several patches to address critical vulnerabilities. Several were of enough concern to prompt the Department of Homeland Security to issue an Emergency Directive ordering all Federal agencies to patch these vulnerabilities within the next ten days.
The vulnerabilities are found in the Windows CryptoAPI, as well as Remote Desktop Protocol (RDP) on both RDP Gateway Servers and RDP Clients.
Here are the descriptions with links to the Microsoft Security Center so you can review the KB articles associated with them.
CVE-2020-0601 is a CryptoAPI spoofing vulnerability and affects Windows 10, Server 2016, and Server 2019, and could potentially allow an attacker to bypass antivirus and perform malicious actions on an affected endpoint. It is listed as Important and Exploitation More Likely by Microsoft.
CVE-2020-0609 and CVE-2020-0610 affect Remote Desktop Gateway on Windows Server 2012, 2012R2, 2016, and 2019 and could allow an attacker to execute code without any user interaction and with no authentication. These are listed as Critical and Exploitation More Likely by Microsoft.
CVE-2020-0611 affects Remote Desktop Clients on all supported versions of Windows and Windows Server (including Windows 7) and could be exploited if a user is tricked into connecting to a Remote Desktop Server under the attacker’s control. This vulnerability is listed as Critical and Exploitation Less Likely.
While there are no active attacks at this time, these types of vulnerabilities attract bad actors who will attempt to use them for breach attempts.
It is recommended to approve and deploy this month’s security updates for all affected operating systems as soon as possible in your environment(s), with special attention given for any Internet facing systems first.
We will update this blog if an attack is detected in the wild. We want to make sure you stay informed and protected, so stay tuned to this blog as situations like this arise in the future.