Microsoft Vulnerabilities January 2020

Today Microsoft released several patches to address critical vulnerabilities.

A number of these were deemed critical enough to warrant the US Department of Homeland Security to issue an Emergency Directive ordering all Federal agencies to patch these vulnerabilities within the next ten days.

Vulnerabilities have been found in Windows CryptoAPI as well as with RDP clients and servers

The vulnerabilities are found in the Windows CryptoAPI, as well as Remote Desktop Protocol (RDP) on both RDP Gateway Servers and RDP Clients.

Hacker scanning for vulnerabilities

Ensure your computer and networks are safe from hackers

Here are the descriptions with links to the Microsoft Security Center so you can review the KB articles associated with them.

  • CVE-2020-0601 is a CryptoAPI spoofing vulnerability and affects Windows 10, Server 2016, and Server 2019, and could potentially allow an attacker to bypass antivirus and perform malicious actions on an affected endpoint. It is listed as Important and Exploitation More Likely by Microsoft.
  • CVE-2020-0609 and CVE-2020-0610 affect Remote Desktop Gateway on Windows Server 2012, 2012R2, 2016, and 2019 and could allow an attacker to execute code without any user interaction and with no authentication. These are listed as Critical and Exploitation More Likely by Microsoft.
  • CVE-2020-0611 affects Remote Desktop Clients on all supported versions of Windows and Windows Server (including Windows 7) and could be exploited if a user is tricked into connecting to a Remote Desktop Server under the attacker’s control. This vulnerability is listed as Critical and Exploitation Less Likely.

There are no reported active exploits in the wild, the recommendation is to patch as soon as you can to avoid these being exploited by attackers scanning for weaknesses. We recommend also that you prioritise any internet facing computers as well.

If you are a customer on our support plans Mega, Giga or Tera, these patches will automatically be rolled out in the next schedule

For further reading click here

To join our newsletter to be notified of IT Security News and Information, please fill out the short form below




















Past Blogs

Copilot connects Microsoft and Google

Microsoft Copilot Now Connects Gmail and Outlook—What This Means for Your Business

If you’ve ever found yourself switching between Gmail, Outlook, and countless browser tabs just to track down an email or check your diary, you’re not alone. For many...
New Ransomware Warning

New Ransomware Alert: What UK Businesses Should Do

Don't Waste Time Searching Through Settings

Windows 11’s New AI Agent: A Smarter Way to Tackle Settings

More accessibility Features in Windows 11

Windows 11’s New Accessibility Tool: What It Means for Your Business

Outlook flags your important email

Outlook will flag your most important emails

Can your staff access too much?

Half of staff have too much access to data

Windows 10 hit ends of life in just over 2 weeks

Free Support for Windows 10 Ends in Just Two Weeks – Here’s What Your Business Needs to Know

Free Support for Windows 10 Ends in Just Two Weeks – Here’s What Your Business Needs to Know What would it take to bring your business to a halt?It’s not always a major...
Better passkey integration in windows

Passkeys will be better integrated in Windows

New hire? New security risk

New member of staff… new cyber security risk?

   When you bring someone new into the business, your first thought is usually about getting them set up to succeed. A laptop, email account, access to the right...
Microsoft to Introduce a Unified Naming System for Hackers

Microsoft to Introduce a Unified Naming System for Hackers

Have you ever tried to follow a crime documentary where the main suspect keeps changing names? It’s confusing—and that’s exactly what’s been happening in the world of...