The OGO Blog

Critical Microsoft Windows Patches Released: Cyber Tip of The Month January 2020

ongoing operations patch management for credit unions

On Tuesday, 1/14/20, Microsoft released updates to fix 49 vulnerabilities as part of their Patch Tuesday cycle. The vulnerabilities patched in the Windows CryptoAPI and Remote Desktop Protocol are of particular concern due to their severity and implications for security on affected devices. Following the summary below are links to articles related to these vulnerabilities.

CryptoAPI Spoofing Vulnerability

The vulnerability in the Windows CryptoAPI affects validation of Elliptical Curve Cryptography(ECC) certificates in Windows 10 and Window Servers 2016 and 2019. This vulnerability could allow a malicious actor to spoof a certificate and present as a trusted entity for actions such as:

  • Secure web and network connections
  • Application execution and installation
  • Digitally signed files and emails

This could allow the attacker to appear as a trusted website such as an online banking site or not identify software and applications as untrusted. This can expose our users, devices and networks to significant security risks. Fortunately there are no know exploits taking advantage of the vulnerability today but the NSA assesses that sophisticated malicious actors will be able to understand and release an exploit quickly. There are no know mitigations other than installing the Windows patch for affected operating systems.

Remote Desktop Multiple Vulnerabilities

Multiple vulnerabilities have been patched in the Windows Remote Desktop Server and Windows Remote Desktop Client that affect currently supported versions of Windows. All of these vulnerabilities enable remote code execution and do not require authentication. Microsoft has not identified any mitigating factors for these vulnerabilities other than installing the patch.

The Cybersecurity and Infrastructure Agency(CISA) has directed all Federal agencies to have the patches applied within 10 days. The OGO CISO team recommends that credit unions accelerate their patching process this month to ensure that these patches are installed as soon as possible. Emphasis should be placed on devices directly connected to the internet, critical servers, workstations, and devices that users with elevated privileges frequently log in to.

For those of you with Ongoing Operations Managed Patching Service, please open a support ticket so that the patching team can work with you on an accelerated schedule.

If you have any questions, please don't hesitate to reach out to the Ongoing Operations CISO team here.

Articles Related to the Vulnerability

https://www.us-cert.gov/ncas/alerts/aa20-014a
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0610
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0611
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0609

Want to stay up to date on information from Ongoing Operations? Subscribe to our blog below!