2020-002: Critical Vulnerabilities for Microsoft Windows, Patch Urgently | Cyber.gov.au

Individuals & families Small & medium businesses Large organisations & infrastructure Government

2020-002: Critical vulnerabilities for Microsoft Windows

On 15 January 2020 (AEDT), Microsoft released security patches for three critical and one important vulnerabilities in the Microsoft Remote Desktop Client, Remote Desktop Gateway and the Windows operating system. The ACSC recommends that users of these products apply patches urgently to prevent malicious actors from using these vulnerabilities to compromise your network.

If you or your organisation uses any of the affected products, the ACSC recommends that you apply the patches urgently.

What do I do?

The patches for these vulnerabilities are provided by Microsoft as part of the January 2020 Security updates released on 15 January 2020 (AEDT).

Further information

Microsoft Advisory - CVE-2020-0601 - Security Update Guide - Microsoft - Windows CryptoAPI Spoofing Vulnerability

Microsoft Advisory - CVE-2020-0609 - Security Update Guide - Microsoft - Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability

Microsoft Advisory - CVE-2020-0610 - Security Update Guide - Microsoft - Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability

Microsoft Advisory - CVE-2020-0611 - Security Update Guide - Microsoft - Remote Desktop Client Remote Code Execution Vulnerability

US-CERT Alert AA20-014A - Critical Vulnerabilities in Microsoft Windows Operating Systems | CISA

NSA Cyber Security Advisory- Patch Critical Cryptographic Vulnerability in Microsoft Windows Clients and Servers