January Patch Tuesday: Update List Includes Fixes for Internet Explorer, Remote Desktop, Cryptographic Bugs

January Patch Tuesday: Update List Includes Fixes for Internet Explorer, Remote Desktop, Cryptographic Bugs

2020 starts off with a relatively heavy list of patches for Microsoft users. January is typically a light month for fixes, but Microsoft released patches for 49 vulnerabilities (eight of which are Critical and all the remaining classified as Important) in this cycle. None of these vulnerabilities are known to be under attack at this time.


The listed vulnerabilities covered a range of Microsoft products including Windows RDP Gateway servers, Internet Explorer, ASP.NET, CryptoAPI, .NET Framework, Hyper-V, Office, Excel, and OneDrive.


This is also the month that Microsoft stops its extended support of Windows 7, meaning users with this operating system will not be receiving any further software updates or security bulletins. This will leave Windows 7 users vulnerable to future security risks and malware.


Here is a more detailed look at the vulnerabilities covered in January:


Remote Desktop Code Execution/Denial-of-Service Vulnerabilities


CVE-2020-0609 and CVE-2020-0610 are both Critical RCE vulnerabilities in the RDP Gateway Server. If successfully abused, an attacker can execute arbitrary code on the affected RDP server. CVE-2020-0611 is an RCE vulnerability that exists in the Windows Remote Desktop Client, typically utilized when a user connects to a malicious server. Successfully exploiting this vulnerability could allow an attacker to execute arbitrary code on the target’s device.


Meanwhile, CVE-2020-0612 is a denial-of-service vulnerability that also affects Windows RD ..

Support the originator by clicking the read the rest link below.