On January 14, 2020, Microsoft released its monthly security update as part of the Patch Tuesday updates for January 2020. The updates addressed notable vulnerabilities in the Windows Operating System.

1. CVE-2020-0601

The spoofing vulnerability, disclosed by the US National Security Agency (NSA), exists in the way the default Windows cryptographic library, CryptoAPI (Crypt32.dll), validates Elliptic Curve Cryptography (ECC) certificates. Exploitation of the vulnerability could allow an attacker to undermine how Windows verifies cryptographic trust and enable remote code execution. According to the NSA, trust validation may be compromised in various cases, including HTTPS connections, signed files and emails, and signed executable code launched as user-mode processes.

The vulnerability could be leveraged in different ways. First, it could allow an attacker to sign a malicious executable so that it appears to come from a legitimate and trusted source, without the victim’s knowledge. In addition, the flaw could allow an attacker to carry out Man-in-the-Middle (MitM) attacks and decrypt confidential information on user connections to the affected software.

Affected versions of the Windows Operating System:

  • Windows 10
  • Windows Server 2016
  • Windows Server 2019
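Public analyses of CVE-2020-0601 described the abused certificates as carrying explicitly defined elliptic curve parameters instead of a named-curve OID. A defender-side check that a validator can apply before trusting any EC certificate is therefore to parse the SubjectPublicKeyInfo and reject or flag the explicit-parameters form. The following is an added example, not code from the bulletin or from Microsoft; it uses a small self-contained DER encoder/decoder, the sample keys are constructed in the file (the public-key bytes are placeholders, not real curve points), and the function names `classify_ec_spki` and `should_reject` are this example's own.

```python
"""Flag EC SubjectPublicKeyInfo structures that use explicit curve parameters.

Added example (not from the original bulletin). Assumes only the standard
X.509 encoding: AlgorithmIdentifier.parameters for id-ecPublicKey is either a
named-curve OID, an explicit ECParameters SEQUENCE, or NULL (implicit).
"""

ID_EC_PUBLIC_KEY = "1.2.840.10045.2.1"
KNOWN_CURVES = {
    "1.2.840.10045.3.1.7": "P-256",
    "1.3.132.0.34": "P-384",
    "1.3.132.0.35": "P-521",
}

# --- minimal DER encoding helpers (used only to build the samples) ---

def _der_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der(tag, payload):
    """Encode one DER TLV."""
    return bytes([tag]) + _der_len(len(payload)) + payload

def der_oid(dotted):
    """Encode an OBJECT IDENTIFIER given in dotted notation."""
    parts = [int(p) for p in dotted.split(".")]
    body = [40 * parts[0] + parts[1]]
    for p in parts[2:]:
        chunk = [p & 0x7F]          # low 7 bits go last
        p >>= 7
        while p:
            chunk.append(0x80 | (p & 0x7F))
            p >>= 7
        body.extend(reversed(chunk))
    return der(0x06, bytes(body))

# --- minimal DER decoding helpers (the actual check) ---

def der_read(buf, pos=0):
    """Parse one TLV at pos; return (tag, value, next_pos)."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:                   # long-form length
        n = ln & 0x7F
        ln = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + ln], pos + ln

def der_children(value):
    """Split a constructed value into its (tag, value) children."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = der_read(value, pos)
        out.append((tag, val))
    return out

def oid_to_dotted(body):
    parts, n = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            parts.append(n)
            n = 0
    return ".".join(map(str, parts))

def classify_ec_spki(spki):
    """Return (kind, curve): kind is named / explicit / implicit / not-ec / unknown."""
    tag, body, _ = der_read(spki)
    assert tag == 0x30, "SubjectPublicKeyInfo must be a SEQUENCE"
    alg, _bitstring = der_children(body)
    alg_fields = der_children(alg[1])
    if oid_to_dotted(alg_fields[0][1]) != ID_EC_PUBLIC_KEY:
        return ("not-ec", None)
    if len(alg_fields) < 2 or alg_fields[1][0] == 0x05:
        return ("implicit", None)     # no parameters / NULL
    ptag, pval = alg_fields[1]
    if ptag == 0x06:                  # named curve OID
        return ("named", KNOWN_CURVES.get(oid_to_dotted(pval), "unknown"))
    if ptag == 0x30:                  # explicit ECParameters SEQUENCE
        return ("explicit", None)
    return ("unknown", None)

def should_reject(spki):
    """Policy: refuse explicit parameters and curves we do not recognise."""
    kind, curve = classify_ec_spki(spki)
    return kind == "explicit" or (kind == "named" and curve == "unknown")

# --- constructed samples (placeholder key bytes, not real points) ---
PUBKEY_STUB = b"\x00\x04" + b"\x11" * 64   # 0 unused bits, "uncompressed" marker

def spki_named_p256():
    alg = der(0x30, der_oid(ID_EC_PUBLIC_KEY) + der_oid("1.2.840.10045.3.1.7"))
    return der(0x30, alg + der(0x03, PUBKEY_STUB))

def spki_explicit_params():
    # ECParameters ::= SEQUENCE { version, fieldID, curve, base, order, cofactor }
    # Field contents are placeholders; only the structure matters to the check.
    field_id = der(0x30, der_oid("1.2.840.10045.1.1") + der(0x02, b"\x00"))
    curve = der(0x30, der(0x04, b"\x00") + der(0x04, b"\x00"))
    params = der(0x30, der(0x02, b"\x01") + field_id + curve
                 + der(0x04, b"\x00") + der(0x02, b"\x01") + der(0x02, b"\x01"))
    alg = der(0x30, der_oid(ID_EC_PUBLIC_KEY) + params)
    return der(0x30, alg + der(0x03, PUBKEY_STUB))

if __name__ == "__main__":
    for name, spki in [("named P-256", spki_named_p256()),
                       ("explicit params", spki_explicit_params())]:
        print(name, classify_ec_spki(spki), "reject" if should_reject(spki) else "accept")
```

Running the file prints the named-curve sample as accepted and the explicit-parameters sample as rejected. The check only inspects the encoding; a real validator would additionally compare the named curve against the issuing root's key and verify the chain's signatures.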

2. CVE-2020-0609 and CVE-2020-0610

The pre-authentication vulnerabilities CVE-2020-0609 and CVE-2020-0610 exist in the Windows Remote Desktop Gateway (RD Gateway) and do not require any interaction from the owner of the server. They could be exploited by sending a specially crafted request to the targeted system's RD Gateway through RDP, allowing attackers to execute arbitrary code on the targeted systems.

Affected versions of the Windows Operating System:

  • Windows Server 2012
  • Windows Server 2016

We highly recommend downloading and installing Microsoft's latest security update (https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Jan).