On 15 January 2020 (AEDT), Microsoft released security patches for three critical and one important vulnerability in the Microsoft Remote Desktop Client, Remote Desktop Gateway and the Windows operating system. The ACSC recommends that users of these products apply the patches urgently to prevent malicious actors from using these vulnerabilities to compromise their networks.
Tracked as CVE-2020-0601, CVE-2020-0609, CVE-2020-0610 and CVE-2020-0611, these vulnerabilities were announced along with patches on 15 January 2020 (AEDT) as part of Microsoft's January 2020 security updates.
CVE-2020-0601 – Important
The certificate validation vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. It could allow an adversary to spoof a code-signing or TLS certificate and have it appear as valid; in addition, this vulnerability may allow remote code execution. The Microsoft security patch also creates a new log event with event ID 1 in the Windows Application event log to record attempted exploitation of this vulnerability.
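The following PowerShell is an added example, not part of the ACSC advisory or Microsoft's tooling: it queries the Application log on one or more patched hosts for the event ID 1 records described above and returns the ones that mention CVE-2020-0601. It assumes the provider name 'Microsoft-Windows-Audit-CVE' (the source the patched Crypt32.dll writes these events under) and a shell with permission to read the Application log on each target.

```powershell
# Added example: list CVE-2020-0601 exploitation-attempt events written by the
# January 2020 patch. Assumption: the patched CryptoAPI logs them to the
# Application log with event ID 1 under the provider 'Microsoft-Windows-Audit-CVE'.
function Get-Cve20200601AuditEvent {
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        [int]$Days = 30
    )

    $filter = @{
        LogName      = 'Application'
        ProviderName = 'Microsoft-Windows-Audit-CVE'
        Id           = 1
        StartTime    = (Get-Date).AddDays(-$Days)
    }

    foreach ($computer in $ComputerName) {
        try {
            $events = Get-WinEvent -ComputerName $computer -FilterHashtable $filter -ErrorAction Stop
        }
        catch {
            # Get-WinEvent throws when nothing matches; report that as "no attempts seen".
            if ($_.Exception.Message -match 'No events were found') {
                Write-Host "$computer : no CVE-2020-0601 audit events in the last $Days days"
                continue
            }
            Write-Warning "$computer : could not query the Application log ($($_.Exception.Message))"
            continue
        }

        # The provider may log other CVE-tagged events; keep only the ones for this CVE.
        $events |
            Where-Object { $_.Message -match 'CVE-2020-0601' } |
            ForEach-Object {
                [pscustomobject]@{
                    Computer    = $computer
                    TimeCreated = $_.TimeCreated
                    Message     = ($_.Message -replace '\s+', ' ')
                }
            }
    }
}

# Usage: check the local host and two servers for the last 90 days.
Get-Cve20200601AuditEvent -ComputerName $env:COMPUTERNAME, 'SRV01', 'SRV02' -Days 90 |
    Format-Table -AutoSize
```

Any event returned is a record of a certificate that failed the corrected ECC validation on that host and warrants investigation of the process and file or connection involved.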
CVE-2020-0609 and CVE-2020-0610 – Critical
CVE-2020-0609 and CVE-2020-0610 are both remote code execution vulnerabilities in Windows Remote Desktop Gateway (RD Gateway): an unauthenticated attacker can connect to the RD Gateway over RDP and send specially crafted requests to the target system. This can allow a malicious actor to install software, modify or create user accounts, or modify data on the RD Gateway.
CVE-2020-0611 – Critical
CVE-2020-0611 is a remote code execution vulnerability in the Windows Remote Desktop Client. When a user connects to a malicious server via RDP, an attacker could exploit this vulnerability to execute arbitrary code on the connecting computer as that user. This can allow an adversary to install software, modify or create user accounts, or modify data on the client's computer.
Affected products and versions
CVE-2020-0601
- Windows 10
- Windows Server 2016
- Windows Server 2019
CVE-2020-0609 and CVE-2020-0610
- All supported Windows Server versions where Remote Desktop Gateway is installed.
CVE-2020-0611
- All supported versions of Windows Server and Desktop, including Windows 7 and Windows 2008 R2, which reached end of life on 14 January 2020.
What do I do?
If you or your organisation uses any of the affected products, the ACSC recommends that you apply the patches urgently. Microsoft provides the patches for these vulnerabilities as part of the January 2020 security updates released on 15 January 2020 (AEDT).
Microsoft Advisory – CVE-2020-0601 – https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0601
Microsoft Advisory – CVE-2020-0609 – https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0609
Microsoft Advisory – CVE-2020-0610 – https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0610
Microsoft Advisory – CVE-2020-0611 – https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0611
US-CERT Alert AA20-014A – Critical Vulnerabilities in Microsoft Windows Operating Systems – https://www.us-cert.gov/ncas/alerts/aa20-014a
NSA Cyber Security Advisory – Patch Critical Cryptographic Vulnerability in Microsoft Windows Clients and Servers – https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.pdf