On 14th January 2020, Microsoft released a patch for 49 vulnerabilities affecting Windows Server 2016, Server 2019 and Windows 10. Of these, eight were marked as critical: CVE-2020-0603, CVE-2020-0605, CVE-2020-0606, CVE-2020-0646, CVE-2020-0609, CVE-2020-0610, CVE-2020-0611 and CVE-2020-0640.
Windows vulnerabilities explained:
This vulnerability impacts the way Windows CryptoAPI validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability to spoof a code-signing certificate and sign a file or executable code, making it appear to be from a trusted source. Examples of where validation of trust would be impacted include HTTPS connections, signed files and emails, and signed executable code launched as user-mode processes. A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software.
These vulnerabilities exist in how the software handles objects in memory. They are all remote code execution vulnerabilities in the .NET and ASP.NET Core software. The vulnerabilities can be exploited if a user opens a specially crafted file while using an affected version of .NET or ASP.NET Core. If successful, an attacker could then execute arbitrary code in the context of the current user.
These vulnerabilities affect all versions of Windows Server. Both are remote code execution vulnerabilities in Windows Remote Desktop Gateway (RD Gateway). The flaw may allow an attacker to connect to the RD Gateway over RDP and send specially crafted requests to the target system without any prior authentication. Such requests could install software; view, change or delete data; or create new user accounts with full user rights.
CVE-2020-0611 affects all versions of Windows Server and desktop Windows. This is a remote code execution vulnerability in the Windows Remote Desktop Client. It would allow an attacker to send specially crafted requests to a client computer that has connected to a compromised server via RDP. Such requests could install software; view, change or delete data; or create new user accounts with full user rights.
This is a memory corruption vulnerability that exists in the way the Internet Explorer web browser handles objects in memory. An attacker could use this vulnerability to corrupt memory on the victim machine and then gain the ability to execute arbitrary code. A user can trigger this vulnerability by visiting a malicious, attacker-controlled web page in Internet Explorer.
Patches for these vulnerabilities were provided by Microsoft as part of the January 2020 Security Updates released on 15th January. To ensure your systems are protected, apply all available Windows Updates.
As a reminder, Windows 7 and Windows Server 2008 R2 are excluded from extended support and are no longer receiving updates (as of 14th January 2020). We strongly recommend that UKFast customers update or migrate any computers running Windows 7, Windows Server 2008 or Windows Server 2008 R2.
If you need any more guidance on how to apply patches, please don’t hesitate to contact the UKFast support team on 0800 923 0605 – we’re here to help!