By Jon Munshaw.
Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 49 vulnerabilities, eight of which are considered critical.
This month's security update is particularly important for its disclosure of two vulnerabilities related to a core cryptographic component in all versions of Windows. CVE-2020-0601 could allow an attacker to use cryptography to sign a malicious executable, making the file appear as if it was from a trusted source. The victim would have no way of knowing if the file was malicious. Cyber security reporter Brian Krebs says the vulnerability is so serious, Microsoft secretly deployed a patch to branches of the U.S. military prior to today.
January's update is also the last that will provide free updates to Windows 7 and Windows Server 2008/2008 R2.
Talos also released a new set of SNORTⓇ rules that provide coverage for some of these vulnerabilities. For more, check out the Snort blog post here.
Critical vulnerabilities
Microsoft disclosed eight critical vulnerabilities this month, all of which we will highlight below.
CVE-2020-0603, CVE-2020-0605, microsoft patch tuesday vulnerability disclosures snort coverage
