Patch three critical Windows vulnerabilities (CVE-2020-0601, CVE-2020-0609 & CVE-2020-0610) immediately to prevent potential cyber attack

Release Date: 17 Jan 2020 7701 Views

Microsoft recently released its monthly Patch Tuesday for January 2020. There are three critical vulnerabilities in two of its application components which demand attention and immediate action:

	Windows Remote Desktop Protocol (RDP) Gateway Server (CVE-2020-0609, CVE-2020-0610)	Windows CryptoAPI (CVE-2020-0601)
Attack Mode	The attacker can connect to the targeted system using RDP and send specially crafted requests to exploit the vulnerability. As it is pre-authentication and requires no user interaction, the victim would not sense any suspicious activities during the intrusion.	The attacker can conduct a wide range of attacks to undermine the cryptographic trust such as: (a) Spoofing a code-signing digital certificate to sign a malicious executable, making a file or an email appearing as from a trusted and legitimate source. This could deceive users or thwart the protection from anti-malware software installed; (b) Spoofing the sender identity by signing a forged email to deceive users of the integrity of the email message; and (c) Spoofing an HTTP connection via man-in-the-middle attack to decrypt the user’s sensitive data in transmission.
Affected Products	Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019	Microsoft Windows 10 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server, version 1803 Microsoft Windows Server, version 1903 Microsoft Windows Server, version 1909

Windows Remote Desktop Protocol (RDP) Gateway Server

(CVE-2020-0609, CVE-2020-0610)

Windows CryptoAPI

(CVE-2020-0601)

Attack

Mode

The attacker can connect to the targeted system using RDP and send specially crafted requests to exploit the vulnerability. As it is pre-authentication and requires no user interaction, the victim would not sense any suspicious activities during the intrusion.

The attacker can conduct a wide range of attacks to undermine the cryptographic trust such as:

(a) Spoofing a code-signing digital certificate to sign a malicious executable, making a file or an email appearing as from a trusted and legitimate source. This could deceive users or thwart the protection from anti-malware software installed;

(b) Spoofing the sender identity by signing a forged email to deceive users of the integrity of the email message; and

(c) Spoofing an HTTP connection via man-in-the-middle attack to decrypt the user’s sensitive data in transmission.

Affected

Products

Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016
Microsoft Windows Server 2019

Microsoft Windows 10
Microsoft Windows Server 2016
Microsoft Windows Server 2019
Microsoft Windows Server, version 1803
Microsoft Windows Server, version 1903
Microsoft Windows Server, version 1909

Recommendations:

On top of personal financial loss, the above-mentioned vulnerabilities will also have potential adverse impact on enterprises such as financial loss, data leakage, damage of trust and confidence and disruption of services.

As these high-risk vulnerabilities cover the latest versions of Microsoft Windows operating systems such as Windows 10 and Windows Server 2016/2019 and the Proof of Concept (PoC) exploit code for CVE-2020-06-01 is already available, actual attacks can come at any time! Hence, HKCERT strongly recommends the application of critical patches as soon as possible, especially for systems exposed to the Internet. For further details please refer to the below links:

Share with

Critical Citrix Application Delivery Controller Vulnerability (CVE-2019-19781) Alert

17 Jan 2020 5817 Views