Patch Tuesday - January 2020

The first Patch Tuesday of 2020 has been hotly anticipated due to a rumour that Microsoft would be fixing a severe vulnerability in a fundamental cryptographic library. It turns out that the issue in question is indeed serious, and was reported to Microsoft by the NSA: CVE-2020-0601 is a flaw in the way Windows validates Elliptic Curve Cryptography (ECC) certificates. It allows attackers to spoof a code-signing certificate that could be used to sign a malicious executable, which would look totally legitimate to the end user. It also enables attackers to conduct man-in-the-middle attacks and decrypt confidential information on user connections to affected systems. This vulnerability exists in Windows 10, Server 2016, and Server 2019. These systems need to be patched immediately, as correct certificate validation is vital for determining trust.


According to Microsoft, on patched systems it is possible to detect attempts to use such forged certificates by looking at the Event Viewer under Windows Logs/Application for events with Event ID 1 that indicate "an attempt to exploit a known vulnerability ([CVE-2020-0601] cert validation)".
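
One way to run that check across several patched hosts, as an added example that is not from Microsoft or the original post. The function name `Find-Cve20200601Event` and the seven-day default window are assumptions, and remote hosts must allow remote event log queries.

```powershell
# Added example: hunt for the CVE-2020-0601 audit event described above.
# Function name and default time window are illustrative assumptions.
function Find-Cve20200601Event {
    [CmdletBinding()]
    param(
        # Hosts to query; defaults to the local machine.
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        # Only return events newer than this timestamp.
        [datetime]$After = (Get-Date).AddDays(-7)
    )

    # Windows Logs/Application, Event ID 1, as stated in the text above.
    $filter = @{ LogName = 'Application'; Id = 1; StartTime = $After }

    foreach ($computer in $ComputerName) {
        try {
            $events = Get-WinEvent -ComputerName $computer `
                                   -FilterHashtable $filter -ErrorAction Stop
        }
        catch {
            # Get-WinEvent raises an error when nothing matches the filter;
            # that is the normal "no hits" case, not a failure.
            if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { continue }
            Write-Warning "Could not query ${computer}: $($_.Exception.Message)"
            continue
        }

        # Event ID 1 is used by many unrelated providers, so match on the
        # CVE identifier that appears in the event message.
        $events |
            Where-Object { $_.Message -like '*CVE-2020-0601*' } |
            Select-Object TimeCreated, MachineName, ProviderName, Message
    }
}

# Local host, last 7 days, oldest first.
Find-Cve20200601Event | Sort-Object TimeCreated | Format-List
```

An empty result on an unpatched host means nothing, because the event is only written by patched systems.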


Of course, the fun this month doesn't stop there: Microsoft also published 48 other CVEs. Continuing a well-established theme from last year, three new Critical Remote Code Execution (RCE) vulnerabilities related to the Remote Desktop Protocol (RDP) have been addressed. Two of these, CVE-2020-0609 and CVE-2020-0610, are pre-authentication and affect Remote Desktop Gateway running on all supported versions of Windows Server. Remote Desktop Gateway is used to allow clients to connect to RDP servers ..
