Microsoft released several updates to address critical vulnerabilities. Several were of sufficient concern to encourage the Homeland Security Department to issue an Emergency Directive directing all federal agencies to patch these vulnerabilities in the next ten days.
The vulnerabilities are present on RDP Gateway Servers and RDP Clients, in the Windows CryptoAPI, and in the Remote Desktop Protocol (RDP).
Here are the descriptions with links to the Microsoft Security Center so you can review the KB articles associated with them.
CVE-2020-0601 is a CryptoAPI spoofing vulnerability that affects Windows 10, Server 2016, and Server 2019 and could potentially allow an attacker to bypass antivirus and perform malicious actions on an affected endpoint. It is listed as Important and Exploitation More Likely by Microsoft.
CVE-2020-0609 and CVE-2020-0610 affect Remote Desktop Gateway on Windows Server 2012, 2012R2, 2016, and 2019 and could allow an attacker to execute code without any user interaction and with no authentication. These are listed as Critical and Exploitation More Likely by Microsoft.
CVE-2020-0611 affects Remote Desktop Clients on all supported versions of Windows and Windows Server (including Windows 7) and could be exploited if a user is tricked into connecting to a Remote Desktop Server under the attacker’s control. This vulnerability is listed as Critical and Exploitation Less Likely.
While there are no active attacks at this moment, these kinds of vulnerabilities are attracting bad actors who will seek to use them for attempted breaches.
It is recommended that this month’s security updates be accepted and deployed for all affected operating systems in your environment(s) as soon as possible, with particular attention given first to any Internet-facing systems. If you are not sure what patches to deploy, please contact us ASAP!
We want to make sure you stay informed and protected, so stay tuned to this blog as situations like this arise in the future.