HKCert
Security Blog

Patch three critical Windows vulnerabilities (CVE-2020-0601, CVE-2020-0609 & CVE-2020-0610) immediately to prevent potential cyber attack

Release Date: 17 / 01 / 2020
Last Update: 17 / 01 / 2020

Microsoft recently released its monthly Patch Tuesday for January 2020. There are three critical vulnerabilities in two of its application components which demand attention and immediate action:
 

 

Windows Remote Desktop Protocol (RDP) Gateway Server (CVE-2020-0609, CVE-2020-0610)

Attack Mode

  • The attacker can connect to the targeted system using RDP and send specially crafted requests to exploit the vulnerability. As the attack is pre-authentication and requires no user interaction, the victim would not notice any suspicious activity during the intrusion.

Affected Products

  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows Server 2016
  • Microsoft Windows Server 2019

Windows CryptoAPI (CVE-2020-0601)

Attack Mode

  • The attacker can conduct a wide range of attacks to undermine cryptographic trust, such as:

    (a) Spoofing a code-signing digital certificate to sign a malicious executable, making a file or an email appear to come from a trusted and legitimate source. This could deceive users or thwart the protection of installed anti-malware software;

    (b) Spoofing the sender identity by signing a forged email to deceive users about the integrity of the email message; and

    (c) Spoofing an HTTP connection via a man-in-the-middle attack to decrypt the user’s sensitive data in transmission.

Affected Products

  • Microsoft Windows 10
  • Microsoft Windows Server 2016
  • Microsoft Windows Server 2019
  • Microsoft Windows Server, version 1803
  • Microsoft Windows Server, version 1903
  • Microsoft Windows Server, version 1909


 Recommendations:
 
On top of personal financial loss, the above-mentioned vulnerabilities can also have an adverse impact on enterprises, such as financial loss, data leakage, damage to trust and confidence, and disruption of services.
 
As these high-risk vulnerabilities affect the latest versions of Microsoft Windows operating systems, such as Windows 10 and Windows Server 2016/2019, and Proof of Concept (PoC) exploit code for CVE-2020-0601 is already available, actual attacks can come at any time! Hence, HKCERT strongly recommends applying the critical patches as soon as possible, especially on systems exposed to the Internet. For further details, please refer to the links below: