11:25am, 15 Jan 2020

TLP Rating: White

Critical vulnerabilities in Microsoft Windows

As part of this month’s patch cycle, Microsoft has released an update that patches several critical vulnerabilities.

Three of these vulnerabilities are in the RDP service. CVE-2020-0609 and CVE-2020-0610 allow unauthenticated remote code execution in the RDP server. CVE-2020-0611 allows remote code execution in an RDP client when it connects to a malicious server.

Microsoft has also patched a critical vulnerability in Windows’ CryptoAPI. This vulnerability, CVE-2020-0601, would allow attackers to craft malicious X.509 cryptographic certificate chains which could spoof an arbitrary issuer.