On Tuesday, 1/14/20, Microsoft released updates to fix 49 vulnerabilities as part of their Patch Tuesday cycle. The vulnerabilities patched in the Windows CryptoAPI and Remote Desktop Protocol are of particular concern due to their severity and implications for security on affected devices. Following the summary below are links to articles related to these vulnerabilities.
CryptoAPI Spoofing Vulnerability
The vulnerability in the Windows CryptoAPI affects validation of Elliptic Curve Cryptography (ECC) certificates in Windows 10 and Windows Server 2016 and 2019. This vulnerability could allow a malicious actor to spoof a certificate and present as a trusted entity for actions such as:
- Secure web and network connections
- Application execution and installation
- Digitally signed files and emails
This could allow the attacker to appear as a trusted website, such as an online banking site, or to prevent malicious software and applications from being identified as untrusted. This can expose our users, devices and networks to significant security risks. Fortunately, there are no known exploits taking advantage of the vulnerability today, but the NSA assesses that sophisticated malicious actors will be able to understand and release an exploit quickly. There are no known mitigations other than installing the Windows patch for affected operating systems.
Remote Desktop Multiple Vulnerabilities
Multiple vulnerabilities have been patched in the Windows Remote Desktop Server and Windows Remote Desktop Client that affect currently supported versions of Windows. All of these vulnerabilities enable remote code execution and do not require authentication. Microsoft has not identified any mitigating factors for these vulnerabilities other than installing the patch.
The Cybersecurity and Infrastructure Security Agency (CISA) has directed all Federal agencies to have the patches applied within 10 days. The OGO CISO team recommends that credit unions accelerate their patching process this month to ensure that these patches are installed as soon as possible. Emphasis should be placed on devices directly connected to the internet, critical servers, workstations, and devices that users with elevated privileges frequently log in to.
For those of you with the Ongoing Operations Managed Patching Service, please open a support ticket so that the patching team can work with you on an accelerated schedule.
If you have any questions, please don't hesitate to reach out to the Ongoing Operations CISO team here.
Articles Related to the Vulnerability