
2020-002: Critical vulnerabilities for Microsoft Windows

On 15 January 2020 (AEDT), Microsoft released security patches for three critical and one important vulnerabilities in the Microsoft Remote Desktop Client, Remote Desktop Gateway and the Windows operating system. The ACSC recommends that users of these products apply patches urgently to prevent malicious actors from using these vulnerabilities to compromise their networks.

Alert status

The vulnerabilities

Tracked as CVE-2020-0601, CVE-2020-0609, CVE-2020-0610 and CVE-2020-0611, these vulnerabilities were announced along with patches on 15 January 2020 (AEDT) as part of Microsoft's January 2020 security updates.

CVE-2020-0601 – Important

The certificate validation vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. It could allow an adversary to spoof a code-signing or TLS certificate and have it appear as valid. In addition, this vulnerability may allow remote code execution. The Microsoft security patch also creates a new log event, with event ID 1 in the Windows Application event log, that records attempted exploitation of this vulnerability.
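One way to check patched hosts for the event described above, as an added example that is not ACSC or Microsoft code. The provider name `Microsoft-Windows-Audit-CVE` and the `CVEID` and `AdditionalDetails` field names are assumptions not stated in this alert, as are the `ComputerName` and `DaysBack` parameters.

```powershell
# Added example: hunt for the CVE-2020-0601 audit event (Application log, event ID 1).
# Assumptions: the provider name and the CVEID / AdditionalDetails field names.
param(
    [string[]]$ComputerName = @($env:COMPUTERNAME),
    [int]$DaysBack = 30
)

$filter = @{
    LogName      = 'Application'
    ProviderName = 'Microsoft-Windows-Audit-CVE'   # assumed provider name
    Id           = 1
    StartTime    = (Get-Date).AddDays(-$DaysBack)
}

$hits = foreach ($computer in $ComputerName) {
    try {
        $events = Get-WinEvent -ComputerName $computer -FilterHashtable $filter -ErrorAction Stop
    }
    catch {
        # "No matching events" is the expected result on a host that logged no attempts.
        if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') {
            Write-Warning "${computer}: $($_.Exception.Message)"
        }
        continue
    }

    foreach ($evt in $events) {
        $raw = $evt.ToXml()
        # Other CVE audit events can share this provider; keep only CVE-2020-0601.
        if ($raw -notmatch 'CVE-2020-0601') { continue }

        # Collect the named <Data> elements of the event into a lookup table.
        $fields = @{}
        foreach ($d in ([xml]$raw).Event.EventData.Data) {
            if ($d.Name) { $fields[$d.Name] = $d.'#text' }
        }

        [pscustomobject]@{
            Computer    = $evt.MachineName
            TimeCreated = $evt.TimeCreated
            CveId       = $fields['CVEID']
            Details     = $fields['AdditionalDetails']
        }
    }
}

if ($hits) { $hits | Sort-Object TimeCreated | Format-List }
else { Write-Output "No CVE-2020-0601 audit events in the last $DaysBack days." }
```

Because the patch creates this event, an empty result on an unpatched host says nothing about exploitation attempts.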

CVE-2020-0609 and CVE-2020-0610 – Critical

CVE-2020-0609 and CVE-2020-0610 are both remote code execution vulnerabilities in Windows Remote Desktop Gateway (RD Gateway), where an unauthenticated attacker can connect to the RD Gateway over RDP and send specially crafted requests to the target system. This can allow a malicious actor to install software, modify/create user accounts, or modify data on the RD Gateway.

CVE-2020-0611 – Critical

CVE-2020-0611 is a remote code execution vulnerability which exists in the Windows Remote Desktop Client. When a user connects to a malicious server via RDP, an attacker could exploit this vulnerability and execute arbitrary code on the connecting computer as the user. This can allow an adversary to install software, modify/create user accounts, or modify data on a client's computer.

Affected products and versions

CVE-2020-0601

  • Windows 10
  • Windows Server 2016
  • Windows Server 2019

CVE-2020-0609 and CVE-2020-0610

  • Affects all supported Windows Server versions where Remote Desktop Gateway is installed.

CVE-2020-0611

  • All supported versions of Windows Server and Desktop, including Windows 7 and Windows 2008 R2, which became end of life on 14 January 2020.