January 2020 Threat Intelligence (CRITICAL ALERT)
This month, Microsoft have patched 49 vulnerabilities, 8 of them ranked critical. The most critical patch this month is a fix for a flaw in Windows 10 so severe that it prompted the US National Security Agency (NSA) to release a public warning.
All users are advised to install these security updates as soon as possible to ensure they are protected from these security risks.
Full information on this month's patches can be found here:
The most notable patched bug to date
The bug discovered by the NSA was a vulnerability in CryptoAPI (Crypt32.dll), the default Windows cryptographic library.
The bug (CVE-2020-0601) is considered as bad as it gets. It can allow a threat actor to fake file signatures and launch man-in-the-middle attacks on encrypted HTTPS communications.
Part of the advisory released by the NSA stated that the “exploitation of the vulnerability allows attackers to defeat trusted network connections and deliver executable code while appearing as legitimately trusted entities.”
The good news is that no vulnerabilities were publicly disclosed or found to be actively exploited in the wild.
Critical Windows Remote Desktop Gateway vulnerabilities
The January 2020 Patch Tuesday also fixes three vulnerabilities in the Windows Remote Desktop Gateway (RD Gateway).
Two of the vulnerabilities (CVE-2020-0609 and CVE-2020-0610) could allow an unauthenticated attacker to perform remote code execution on a vulnerable system. The third vulnerability (CVE-2020-0612) could allow an attacker to perform a denial of service (DoS) on an RDP system and cause it to stop responding.
If you use RD Gateway in your organisation, we suggest you install these updates urgently.
Overall, the Microsoft January 2020 Patch Tuesday is smaller than many of Microsoft's 2019 Patch Tuesdays, but it's surely no less important, as the three bugs presented above are unavoidable.
Patching is important...
Security vulnerabilities are the 'low-hanging fruit' for hackers. Patching is essential to keep your information safe. It is also good practice to back up your system, or at least your data, before you apply any updates.
Customers are advised to follow these security tips:
- Install vendor patches immediately when available.
- Run all software with least privileges while still maintaining functionality.
- Do not handle files from questionable sources.
- Avoid visiting sites with unknown integrity.
- Block external access at the network perimeter to all key systems unless access is necessary.
About Comtact Ltd.
Comtact Ltd. is a government-approved Cyber Security and IT Managed Service Provider, supporting clients 24/7 from our ISO27001-accredited UK Security Operations Centre (SOC).
Located at the heart of a high security, controlled-access Tier 3 data centre, Comtact's state-of-the-art UK Cyber Defence Centre (SOC) targets, hunts & disrupts hacker behaviour, as part of a multi-layered security defence, to help secure some of the UK's leading organisations.