
Advisory 2020-002: Critical Vulnerabilities for Microsoft Windows Announced, Patch Urgently

On 15 January 2020 (AEDT), Microsoft released security patches for three critical vulnerabilities and one important vulnerability affecting the Microsoft Remote Desktop Client, Remote Desktop Gateway and the Windows operating system. The ACSC recommends that users of these products apply the patches urgently to prevent malicious actors from using these vulnerabilities to compromise your network.

The vulnerabilities

Tracked as CVE-2020-0601, CVE-2020-0609, CVE-2020-0610 and CVE-2020-0611, these vulnerabilities were announced along with patches on 15 January 2020 (AEDT) as part of Microsoft's January 2020 security updates.

CVE-2020-0601 – Important

This certificate validation vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An adversary could craft a code-signing or TLS certificate that Windows accepts as valid: a spoofed code-signing certificate lets a malicious executable appear to come from a trusted source, and a spoofed TLS certificate lets an attacker intercept connections to affected software. The Microsoft patch also adds detection: once installed, an attempt to exploit this vulnerability is recorded as Event ID 1 in the Windows Application event log.
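The following PowerShell script is an added example, not part of the ACSC advisory or Microsoft's guidance. It shows how a defender would sweep a patched host for the Event ID 1 records described above and confirm that updates from the January 2020 cycle are present. Two details are assumptions of this example rather than facts stated on this page: that the audit events carry a provider name containing "Audit-CVE" or a message mentioning CVE-2020-0601, and that the patch-date threshold of 14 January 2020 is a reasonable proxy for "January 2020 security updates installed".

```powershell
# Added example (not from the ACSC advisory): hunt for CVE-2020-0601 audit events and
# check whether January 2020 updates are installed on a Windows host.
param(
    [string]$ComputerName = $env:COMPUTERNAME,
    [int]$Days = 30
)

# --- 1. Look for the Event ID 1 entries the patch writes to the Application log ---
$filter = @{
    LogName   = 'Application'
    Id        = 1
    StartTime = (Get-Date).AddDays(-$Days)
}

try {
    $events = Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction Stop
} catch {
    # Get-WinEvent throws when nothing matches the filter; treat that as "no events".
    $events = @()
}

# Event ID 1 is used by many providers, so narrow to the CurveBall audit record.
# Assumption of this example: the provider name contains "Audit-CVE" or the message
# names the CVE. Verify against a real event on a patched host before relying on it.
$hits = $events | Where-Object {
    $_.ProviderName -like '*Audit-CVE*' -or $_.Message -match 'CVE-2020-0601'
}

if (-not $hits) {
    Write-Output "No CVE-2020-0601 exploitation attempts logged on $ComputerName in the last $Days days."
    Write-Output "Caveat: the event only exists after the patch is installed; silence on an unpatched host proves nothing."
} else {
    Write-Output "CVE-2020-0601 exploitation attempts on ${ComputerName}:"
    $hits | Select-Object TimeCreated, MachineName, ProviderName, Message |
        Sort-Object TimeCreated |
        Format-Table -AutoSize -Wrap
}

# --- 2. Check whether any update from the January 2020 release is installed ---
# Assumption of this example: updates installed on or after 14 January 2020 (the US
# release date of the January 2020 cycle) are treated as evidence the host was patched.
$threshold = Get-Date -Year 2020 -Month 1 -Day 14
$recent = Get-HotFix -ComputerName $ComputerName |
    Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $threshold } |
    Sort-Object InstalledOn

if (-not $recent) {
    Write-Warning "$ComputerName shows no updates installed since $($threshold.ToShortDateString()); apply the January 2020 security updates urgently."
} else {
    Write-Output "Updates installed on $ComputerName since $($threshold.ToShortDateString()):"
    $recent | Select-Object HotFixID, Description, InstalledOn | Format-Table -AutoSize
}
```

Run it as an administrator against each host (for example `.\Check-CurveBall.ps1 -ComputerName RDGW01 -Days 14`). The hotfix check is a coarse indicator only: the definitive test is that the specific January 2020 update for the host's Windows build is present in Windows Update history or your patch management system.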

CVE-2020-0609 and CVE-2020-0610 – Critical

CVE-2020-0609 and CVE-2020-0610 are both remote code execution vulnerabilities in Windows Remote Desktop Gateway (RD Gateway). An unauthenticated attacker who can reach the RD Gateway over RDP sends specially crafted requests to the target system; no valid credentials or user interaction are required. Successful exploitation allows a malicious actor to install software, create or modify user accounts, or modify data on the RD Gateway.

CVE-2020-0611 - Critical

CVE-2020-0611 is a remote code execution vulnerability which exists in the Windows Remote Desktop Client. When a user connects to a malicious server via RDP, an attacker could exploit this vulnerability and execute arbitrary code on the connecting computer as the user. This can allow an adversary to install software, modify/create user accounts, or modify data on a client's computer.

Affected products and version

CVE-2020-0601

  • Windows 10
  • Windows Server 2016
  • Windows Server 2019

CVE-2020-0609 and CVE-2020-0610

  • Affects all supported Windows Server versions where Remote Desktop Gateway is installed.

CVE-2020-0611

  • All supported versions of Windows Server and Windows desktop, including Windows 7 and Windows Server 2008 R2, which reached end of life on 14 January 2020.

What do I do?

If you or your organisation uses any of the affected products, the ACSC recommends that you apply the patches urgently. The patches for these vulnerabilities are provided by Microsoft as part of the January 2020 security updates released on 15 January 2020 (AEDT).

Further information

Microsoft Advisory - CVE-2020-0601 - https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0601

Microsoft Advisory - CVE-2020-0609 - https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0609

Microsoft Advisory - CVE-2020-0610 - https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0610

Microsoft Advisory - CVE-2020-0611 - https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0611

US-CERT Alert AA20-014A - Critical Vulnerabilities in Microsoft Windows Operating Systems - https://www.us-cert.gov/ncas/alerts/aa20-014a

NSA Cyber Security Advisory - Patch Critical Cryptographic Vulnerability in Microsoft Windows Clients and Servers - https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.pdf


Date
January 15th, 2020