These critical update releases have been pointed out in security bulletins and in an NSA alert regarding severe vulnerabilities impacting Windows cryptographic functionality.
WHAT TO KNOW AND WHAT TO DO?
These vulnerabilities impacting Windows cryptographic functionality are fixed in the latest Patch Tuesday updates from Microsoft. Exploitation allows attackers to defeat trusted network connections and deliver executable code while appearing as legitimately trusted entities (HTTPS connections, signed files and emails, signed executable code launched as user-mode processes).
Two of them are particularly critical:
CVE-2020-0601: Vulnerability in the CryptoAPI DLL allowing the certification of malicious binaries (link CERT-FR).
- Who is concerned: Anybody or any company with the following Windows systems.
- Impacted systems: Microsoft Windows 10, Windows Server 2016, Windows Server 2019.
- Remediation: It is strongly recommended to apply the update patches for this CVE (link Microsoft portal).
CVE-2020-0610: Vulnerability impacting the Windows RDP service allowing an attacker to execute arbitrary code on the Windows client without necessarily needing to authenticate to it (link CERT-FR).
- Who is concerned: Anybody or any company with the following Windows systems.
- Impacted systems: Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019
- Remediation: It is strongly recommended to apply the update patches for this CVE (link Microsoft portal).
OUR RECOMMENDATIONS
It is strongly recommended to apply the available corrective patches as soon as possible, prioritizing Windows-based appliances, web servers and proxies that perform TLS validation, as well as endpoints that host critical infrastructure (e.g. domain controllers, DNS servers, update servers, VPN servers, IPSec negotiation).
If your Windows machines are regularly updated (WSUS), please check that they have received the security patches dated 01/14/2020. Otherwise, please download and install the Microsoft Windows patches as soon as possible.
AntemetA Cybersecurity team
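The check recommended above can be triaged across a fleet with PowerShell. This is an added example, not part of the original advisory, and the host names in it are constructed placeholders. A host in scope whose newest installed update predates 01/14/2020 is certainly missing the fixes; any other host in scope still needs its KB confirmed against the Microsoft advisory pages listed below.

```powershell
# Added example (not from the advisory): flag hosts that cannot have the 01/14/2020 patches.
$PatchDate = [datetime]'2020-01-14'                           # patch date given in the advisory
$Computers = @('dc01.example.test', 'proxy01.example.test')   # constructed placeholder inventory

# OS families the advisory lists as impacted by CVE-2020-0601 or CVE-2020-0610
$Impacted = 'Windows 10', 'Server 2012', 'Server 2016', 'Server 2019'

$report = foreach ($c in $Computers) {
    try {
        $os = Get-CimInstance -ClassName Win32_OperatingSystem -ComputerName $c -ErrorAction Stop

        # Newest installed update; InstalledOn is empty for some entries, so drop those first
        $latest = Get-HotFix -ComputerName $c -ErrorAction Stop |
            Where-Object { $_.InstalledOn } |
            Sort-Object InstalledOn -Descending |
            Select-Object -First 1

        # "Server 2012" also matches Server 2012 R2 captions
        $inScope = [bool]($Impacted | Where-Object { $os.Caption -like "*$_*" })

        [pscustomobject]@{
            Computer     = $c
            OS           = $os.Caption
            InScope      = $inScope
            LatestHotFix = $latest.HotFixID
            InstalledOn  = $latest.InstalledOn
            # No update at all, or nothing installed since the patch date: definitely unpatched
            NeedsReview  = $inScope -and ((-not $latest) -or ($latest.InstalledOn -lt $PatchDate))
        }
    }
    catch {
        # Unreachable hosts are reported for manual follow-up, not silently skipped
        [pscustomobject]@{
            Computer = $c; OS = $null; InScope = $null
            LatestHotFix = $null; InstalledOn = $null; NeedsReview = $true
        }
    }
}

# Hosts needing attention first
$report | Sort-Object NeedsReview -Descending | Format-Table -AutoSize
```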
MORE INFORMATION
Microsoft web pages:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601
https://portal.msrc.microsoft.com/fr-FR/security-guidance/advisory/CVE-2020-0610
NSA Advisory:
https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF
CERT-FR Security bulletins:
https://www.cert.ssi.gouv.fr/alerte/CERTFR-2020-ALE-004/
https://www.cert.ssi.gouv.fr/alerte/CERTFR-2020-ALE-005/
Brian Krebs blogs:
https://krebsonsecurity.com/2020/01/patch-tuesday-january-2020-edition/