Microsoft has announced critical CryptoAPI spoofing, Remote Desktop Gateway and Remote Desktop Client vulnerabilities, which have been followed by an emergency directive from the US Department of Homeland Security.

An emergency directive has been released by the United States Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency regarding critical, high-risk vulnerabilities that affect all Microsoft server operating systems from Windows Server 2012 onwards and all desktop operating systems from Windows 7 onwards, including Windows 10.

The two vulnerabilities, as noted by the Cybersecurity and Infrastructure Security Agency, are detailed below.

CryptoAPI spoofing vulnerability – CVE-2020-0601

The vulnerability affects all machines running 32- or 64-bit Windows 10 operating systems, including Windows Server versions 2016 and 2019. This vulnerability allows Elliptic Curve Cryptography (ECC) certificate validation to bypass the trust store, enabling unwanted or malicious software to masquerade as authentically signed by a trusted or trustworthy organization. This could deceive users or thwart malware detection methods such as antivirus. Additionally, a maliciously crafted certificate could be issued for a hostname that did not authorize it, and a browser that relies on Windows CryptoAPI would not issue a warning, allowing an attacker to decrypt, modify, or inject data on user connections without detection.
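As an added illustration (not part of this advisory or of Microsoft's or CISA's material), the following Python classifies how an ECC certificate's SubjectPublicKeyInfo encodes its curve parameters. Certificates crafted against CVE-2020-0601 carry explicit curve parameters rather than a named-curve OID, so flagging explicit parameters is the check defenders run over certificate stores and captured TLS handshakes. The DER helpers and the sample structures are constructed for the example; the key material is a zero placeholder, not a real key.

```python
# Constructed example: detect non-named ECC curve parameters in a DER SubjectPublicKeyInfo.
# Exploit certificates for CVE-2020-0601 use the SpecifiedECDomain (explicit) form of
# ECParameters; legitimate CA-issued certificates use a named-curve OID.
ID_EC_PUBLIC_KEY = bytes.fromhex("2a8648ce3d0201")    # 1.2.840.10045.2.1 id-ecPublicKey
ID_RSA_ENCRYPTION = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 rsaEncryption
SECP256R1 = bytes.fromhex("2a8648ce3d030107")         # 1.2.840.10045.3.1.7 named curve P-256
PRIME_FIELD = bytes.fromhex("2a8648ce3d0101")         # 1.2.840.10045.1.1 prime-field

def _der(tag: int, body: bytes) -> bytes:
    # Encode one DER TLV, using long-form length when the body is 128 bytes or more.
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def _tlv(buf: bytes, pos: int):
    # Decode the TLV at pos; return (tag, value, position after it).
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def ec_parameter_kind(spki_der: bytes) -> str:
    """Return 'named', 'explicit' or 'implicit' for an EC key, 'not-ec' otherwise."""
    _, spki, _ = _tlv(spki_der, 0)             # SubjectPublicKeyInfo SEQUENCE
    _, alg, _ = _tlv(spki, 0)                  # AlgorithmIdentifier SEQUENCE
    tag, oid, pos = _tlv(alg, 0)               # algorithm OBJECT IDENTIFIER
    if tag != 0x06 or oid != ID_EC_PUBLIC_KEY:
        return "not-ec"
    ptag, _, _ = _tlv(alg, pos)                # ECParameters CHOICE: OID / SEQUENCE / NULL
    return {0x06: "named", 0x30: "explicit", 0x05: "implicit"}.get(ptag, "unknown")

def is_cve_2020_0601_indicator(spki_der: bytes) -> bool:
    """Flag EC keys whose parameters are not a named curve; RSA and named-curve keys pass."""
    return ec_parameter_kind(spki_der) in ("explicit", "implicit")

def build_spki(alg_oid: bytes, params: bytes) -> bytes:
    # Assemble a constructed SPKI around a placeholder BIT STRING (zeros, not a real point).
    placeholder_point = _der(0x03, b"\x00\x04" + b"\x00" * 64)
    return _der(0x30, _der(0x30, _der(0x06, alg_oid) + params) + placeholder_point)

# Explicit-parameter skeleton: SEQUENCE { version 1, fieldID { prime-field, p } ... }.
# The check only inspects the outer tag, so curve/base/order are omitted and p is a placeholder.
EXPLICIT_PARAMS = _der(0x30, _der(0x02, b"\x01") + _der(0x30, _der(0x06, PRIME_FIELD) + _der(0x02, b"\x17")))
NAMED_SPKI = build_spki(ID_EC_PUBLIC_KEY, _der(0x06, SECP256R1))
EXPLICIT_SPKI = build_spki(ID_EC_PUBLIC_KEY, EXPLICIT_PARAMS)
RSA_SPKI = build_spki(ID_RSA_ENCRYPTION, _der(0x05, b""))
```

In practice the SPKI is read from the tbsCertificate of each certificate under review; a flagged certificate should be compared against the cached trusted root whose public key it claims, which is the check the Microsoft patch adds.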

 

Windows RD Gateway and Windows Remote Desktop Client vulnerabilities – CVE-2020-0609, CVE-2020-0610, and CVE-2020-0611

These vulnerabilities affect Windows Server 2012 and newer. In addition, CVE-2020-0611 affects Windows 7 and newer. These vulnerabilities, in the Windows Remote Desktop Client and the RD Gateway server, allow remote code execution: an attacker could run arbitrary code on the affected system. The server vulnerabilities do not require authentication or user interaction and can be exploited by a specially crafted request. The client vulnerability can be exploited by convincing a user to connect to a malicious server.

Whilst all of our managed customers have had their devices patched for these security vulnerabilities upon release of the patches from Microsoft, it is important for all organisations to address these vulnerabilities as a matter of urgency.

If you require assistance with securing your organisation against these and other vulnerabilities, S5 Technology Group can assist with your organisation or business’s IT support.

To read the emergency directive as released by the United States Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, click here.