Alert status CRITICAL The vulnerabilities Tracked as CVE-2020-0601, CVE-2020-0609, CVE-2020-0610 and CVE-2020-0611, these vulnerabilities were announced along with patches on 15 January 2020 (AEDT) as part of Microsoft's January 2020 security updates. CVE-2020-0601 – Important The certificate validation vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. It could allow an adversary to spoof a code-signing or TLS certificate and have it appear as valid, in addition this vulnerability may allow remote code execution. This Microsoft security patch also creates a new log event with event ID 1 in the Windows Application event log to record the attempted exploitation of this vulnerability. CVE-2020-0609 and CVE-2020-0610 – Critical CVE-2020-0609 and CVE-2020-0610 both contain a remote code execution vulnerability which exists in Windows Remote Desktop Gateway (RD Gateway) where an unauthenticated attacker can connect to the RD Gateway over RDP and send specially crafted requests to the target system. This can allow a malicious actor to install software, modify/create user accounts, or modify data on the RD Gateway. CVE-2020-0611 - Critical CVE-2020-0611 is a remote code execution vulnerability which exists in the Windows Remote Desktop Client. When a user connects to a malicious server via RDP, an attacker could exploit this vulnerability and execute arbitrary code on the connecting computer as the user. This can allow an adversary to install software, modify/create user accounts, or modify data on a client's computer. Affected products and version CVE-2020-0601 Windows 10 Windows Server 2016 Windows Server 2019 CVE-2020-0609 and CVE-2020-0610 Affects all supported Windows Server versions where Remote Desktop Gateway is installed. CVE-2020-0611 All supported versions of Windows Server and Desktop, including Windows 7 and Windows 2008 R2 which became end of life on 14 January 2020.
