The Threat

During the regularly scheduled Microsoft patch release on January 14, 2019, multiple critical vulnerabilities were disclosed that require immediate action. CVE-2020-0601 is a CryptoAPI spoofing vulnerability that, if exploited, could be used to make a malicious program appear as a legitimately signed Microsoft program, bypassing standard security measures [1]. CVE-2020-0609 and CVE-2020-0610 are Remote Desktop Gateway vulnerabilities that could allow remote and unauthenticated threat actors to execute code on vulnerable Windows servers [2]. To avoid being impacted, we highly recommend applying the Microsoft patches as soon as possible.

What we’re doing about it:

  • MVS (formerly esRECON) plugins will be updated once available, to assist in identifying these vulnerabilities.
  • eSentire security teams are continuing to monitor these issues for additional information.

What you should do about it:

Additional information

Currently, eSentire is not aware of any reports of public exploitation of these vulnerabilities. Microsoft has rated each vulnerability as Exploitation More Likely, as these vulnerabilities offer high potential value for threat actors if successfully exploited. 

For additional information on these vulnerabilities, see the US-CERT alert Critical Vulnerabilities in Microsoft Windows Operating Systems [4].

CVE-2020-0601 Affected Products:

  • Windows 10 (multiple versions)
  • Windows Server 2016
  • Windows Server 2019

CVE-2020-0609 and CVE-2020-0610 Affected Products:

  • Windows Server 2012
  • Windows Server 2016
  • Windows Server 2019

 

References:

[1] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601

[2] https://kb.cert.org/vuls/id/491944/

[3] https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF

[4] https://www.us-cert.gov/ncas/alerts/aa20-014a
