Microsoft Vulnerabilities January 2020

Today Microsoft released several patches to address critical vulnerabilities.

A number of these were deemed critical enough to warrant the US Department of Homeland Security to issue an Emergency Directive ordering all Federal agencies to patch these vulnerabilities within the next ten days.

Vulnerabilities have been found in Windows CryptoAPI as well as with RDP clients and servers

The vulnerabilities are found in the Windows CryptoAPI, as well as Remote Desktop Protocol (RDP) on both RDP Gateway Servers and RDP Clients.

Hacker scanning for vulnerabilities

Ensure your computer and networks are safe from hackers

Here are the descriptions with links to the Microsoft Security Center so you can review the KB articles associated with them.

  • CVE-2020-0601 is a CryptoAPI spoofing vulnerability and affects Windows 10, Server 2016, and Server 2019, and could potentially allow an attacker to bypass antivirus and perform malicious actions on an affected endpoint. It is listed as Important and Exploitation More Likely by Microsoft.
  • CVE-2020-0609 and CVE-2020-0610 affect Remote Desktop Gateway on Windows Server 2012, 2012R2, 2016, and 2019 and could allow an attacker to execute code without any user interaction and with no authentication. These are listed as Critical and Exploitation More Likely by Microsoft.
  • CVE-2020-0611 affects Remote Desktop Clients on all supported versions of Windows and Windows Server (including Windows 7) and could be exploited if a user is tricked into connecting to a Remote Desktop Server under the attacker’s control. This vulnerability is listed as Critical and Exploitation Less Likely.

There are no reported active exploits in the wild, the recommendation is to patch as soon as you can to avoid these being exploited by attackers scanning for weaknesses. We recommend also that you prioritise any internet facing computers as well.

If you are a customer on our support plans Mega, Giga or Tera, these patches will automatically be rolled out in the next schedule

For further reading click here

To join our newsletter to be notified of IT Security News and Information, please fill out the short form below




















Past Blogs

How concerned should you be about cyber attacks?

How concerned should you be about cyber attacks?

You’ve probably heard a lot of talk about cyber attacks but how worried should you really be? Well, very, because cyber criminals are getting smarter. We have good news...
How to create secure passwords

How to create secure passwords

Weak passwords are one of the biggest security risks to your business. Why? Because cyber criminals are getting smarter than ever before. If they manage to crack just...
Beware these common ‘malvertising’ attacks

Beware these common ‘malvertising’ attacks

Ever clicked an online ad and wondered afterwards if it was a scam?… most of us have – and cyber criminals want us to keep doing it. Here’s what to look out for...
Businesses are taking too long to fix vulnerabilities

Businesses are taking too long to fix vulnerabilities

If you knew your systems were at risk of attack, you’d jump in and get things locked down fast – right? Actually… many businesses take too long to fix vulnerabilities....
What Are CyberSecurity Services

What are Cybersecurity Services?

What are CyberSecurity Services ? In our digital world, the question of what cybersecurity services are is more relevant than ever. As businesses across the UK rely...
Employees are falling for 3x more phishing scams

Employees are falling for 3x more phishing scams

Cyber criminals are getting smarter, and businesses are paying the price – especially when it comes to phishing attacks. Here’s what to watch out for…

Warning: Don’t ignore hardware requirements for Windows 11

Warning: Don’t ignore hardware requirements for Windows 11

You might be ready for the upgrade to Windows 11, but is your hardware? Running the upgrade without meeting the minimum requirements could slow down everything in your...
benefits of cybersecurity

Benefits of CyberSecurity

The benefits of cybersecurity. With vast amounts of information are stored online, the benefits of robust cybersecurity are more vital than ever. At Network &...
what is dmarc

What is DMARC

What is DMARC and Why Does Your Business Need It? When it comes to protecting your business from cyber threats, email security is often overlooked. Yet, email is one of...
Why is password management software important

Why is Password Management Software Important

Why is Password Management Software Important for Your Business? In today’s digital world, passwords are the keys to your business’s most sensitive information. From...