Service Notices
January 2020 Microsoft Security Update
Jan 17, 2020 GMT+08:00
I. Overview
Microsoft recently released its monthly set of security updates for January, addressing 49 vulnerabilities, among which 8 are rated "critical". The following applications are affected: Microsoft Windows, Internet Explorer, Microsoft Edge, .NET Framework, and others.
Microsoft release notes:
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Jan
Note: This patch update involves one major high-risk vulnerability. Please check and complete security hardening as soon as possible.
Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601): A spoofing vulnerability exists in the way Windows CryptoAPI validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear that the file came from a trusted, legitimate source, and resulting in RCE. Windows 10 and Windows Server 2016/2019 are affected. A PoC has been disclosed, which makes this vulnerability highly risky.
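Added example (not from Microsoft or from this notice): a defender-side triage check for CVE-2020-0601. It assumes the publicly documented root cause, that unpatched CryptoAPI mishandled ECC certificates carrying explicit curve parameters instead of a named-curve OID, and classifies how a DER certificate encodes its curve. All function names and the certificate skeletons are constructed for illustration.

```python
# Added example: classify how an X.509 certificate encodes its EC curve parameters.
ID_EC_PUBLIC_KEY = bytes.fromhex("2a8648ce3d0201")   # OID 1.2.840.10045.2.1
PRIME256V1 = bytes.fromhex("2a8648ce3d030107")       # OID 1.2.840.10045.3.1.7

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                    # long form: low bits = count of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def ec_curve_encoding(cert_der):
    """Return 'named', 'explicit', 'implicit', 'unknown' or 'not-ec'."""
    _, cert, _ = read_tlv(cert_der)              # Certificate ::= SEQUENCE
    tbs = children(children(cert)[0][1])         # fields of tbsCertificate
    if tbs[0][0] == 0xA0:                        # skip the optional [0] version
        tbs = tbs[1:]
    spki = children(tbs[5][1])                   # after serial, sigAlg, issuer, validity, subject
    alg = children(spki[0][1])                   # AlgorithmIdentifier
    if alg[0][1] != ID_EC_PUBLIC_KEY or len(alg) < 2:
        return "not-ec"
    return {0x06: "named", 0x30: "explicit", 0x05: "implicit"}.get(alg[1][0], "unknown")

def tlv(tag, body=b""):
    """Minimal DER encoder, used only to build the constructed samples below."""
    n, size = len(body), (len(body).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def sample_cert(params):
    """Constructed certificate skeleton (empty names, no real key or signature)."""
    spki = tlv(0x30, tlv(0x30, tlv(0x06, ID_EC_PUBLIC_KEY) + params) + tlv(0x03, b"\x00\x04" + bytes(64)))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30) * 4 + spki)
    return tlv(0x30, tbs + tlv(0x30) + tlv(0x03, b"\x00"))

NAMED = sample_cert(tlv(0x06, PRIME256V1))                         # curve given by OID
EXPLICIT = sample_cert(tlv(0x30, tlv(0x02, b"\x01") + tlv(0x30)))  # ECParameters skeleton
```

A certificate reported as `explicit` in a code-signing or TLS chain is worth manual review; the check complements the patch and does not replace it.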
II. Severity
Severity: Critical
(Severity: low, moderate, important, and critical)
III. Affected Products
Microsoft Windows, Internet Explorer, Microsoft Edge, .NET Framework
IV. Vulnerability Details
CVE ID | Vulnerability Name | Severity | Vulnerability Description |
CVE-2020-0609 CVE-2020-0610 | Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability | Critical | A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. |
CVE-2020-0611 | Remote Desktop Client Remote Code Execution Vulnerability | Important | A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited the vulnerability could run arbitrary code on the client machine. |
CVE-2020-0646 | .NET Framework Remote Code Execution Injection Vulnerability | Important | A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. An attacker who successfully exploited this vulnerability could take control of the affected system. |
CVE-2020-0605 CVE-2020-0606 | .NET Framework Remote Code Execution Vulnerability | Important | A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. |
CVE-2020-0603 | ASP.NET Core Remote Code Execution Vulnerability | Important | A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. |
CVE-2020-0640 | Internet Explorer Memory Corruption Vulnerability | Important | A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Unauthorized attackers can use this vulnerability to obtain privileges as authorized users. |
(Note: Vulnerabilities listed above are important ones. For more information, refer to the official website of Microsoft.)
V. Security Recommendations
1. Use Windows Update or download patches from the following address to fix the vulnerabilities:
https://portal.msrc.microsoft.com/en-us/security-guidance
2. Back up data remotely to protect your data.
Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.