Microsoft Patch Tuesday for January 2020, (Tue, Jan 14th)

[Special Note: we will have a special webcast on this topic at noon ET tomorrow (Wednesday, January 15th). See https://sans.org/cryptoapi-isc ]

This month, Microsoft wasn't able to prevent information about these updates from leaking as it usually can. Information about one particular flaw, CVE-2020-0601, the "Windows CryptoAPI Spoofing Vulnerability," leaked as early as Friday.

CVE-2020-0601 has a significant impact on endpoint security. An attacker exploiting this vulnerability can make malicious code look like it was signed by a trusted source (for example, Microsoft). The flaw only affects Elliptic Curve Cryptography (ECC) certificates. ECC certificates, just like RSA certificates, use public/private key pairs; ECC is considered more modern and efficient, and ECC keys are significantly shorter than RSA keys of equivalent strength. With ECC still being somewhat "new," many software publishers still use RSA certificates. But it appears possible that an attacker could spoof an entity that usually only uses RSA certificates by applying a spoofed ECC certificate to malicious software: the code validating the certificate doesn't know which type of certificate a publisher uses.

How severe is this flaw? If you are having issues with your users enabling macros in Office documents they receive from untrusted sources, and if nothing blocks them from downloading and executing malware: don't worry. You are not validating signatures anyway. However, if you have an endpoint solution that blocks users from running untrusted code, you likely need to worry and apply this patch quickly. The flaw is part of Microsoft's Crypto API (crypt32.dll). This library is used by pretty much all Windows software that deals with encryption and digital signatures, so the flaw is likely to affect a lot of third-party software as well, not just software written by Microsoft.

At this point, I am not aware of a public exploit, but the advisory was made public minutes ago; maybe we will know more by the end of the day. So far, the vulnerability has not been exploited. It was found by the US National Security Agency (NSA), which reported the flaw to Microsoft.

But CVE-2020-0601 isn't the only vulnerability you should be worried about this month. CVE-2020-0609 and CVE-2020-0610 fix remote code execution vulnerabilities in the Windows Remote Desktop Gateway (RD Gateway). Remember BlueKeep? The RD Gateway is used to authenticate users and allow access to internal RDP services. As a result, RD Gateway is often exposed and used to protect the actual RDP servers from exploitation.

| Description | CVE | Disclosed | Exploited | Exploitability (old versions) | Exploitability (current version) | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
|---|---|---|---|---|---|---|---|---|
| .NET Framework Remote Code Execution Injection Vulnerability | CVE-2020-0646 | No | No | | | Critical | | |
| .NET Framework Remote Code Execution Vulnerability | CVE-2020-0605 | No | No | | | Critical | | |
| .NET Framework Remote Code Execution Vulnerability | CVE-2020-0606 | No | No | | | Critical | | |
| ASP.NET Core Denial of Service Vulnerability | CVE-2020-0602 | No | No | Less Likely | Less Likely | Important | | |
| ASP.NET Core Remote Code Execution Vulnerability | CVE-2020-0603 | No | No | | | Critical | | |
| Hyper-V Denial of Service Vulnerability | CVE-2020-0617 | No | No | | | Important | 5.3 | 4.8 |
| Internet Explorer Memory Corruption Vulnerability | CVE-2020-0640 | No | No | | | Critical | 7.5 | 6.7 |
| Microsoft Cryptographic Services Elevation of Privilege Vulnerability | CVE-2020-0620 | No | No | | | Important | 7.8 | 7.0 |
| Microsoft Dynamics 365 (On-Premise) Cross-Site Scripting Vulnerability | CVE-2020-0656 | No | No | | | Important | | |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2020-0650 | No | No | | | Important | | |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2020-0651 | No | No | | | Important | | |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2020-0653 | No | No | | | Important | | |
| Microsoft Graphics Component Information Disclosure Vulnerability | CVE-2020-0622 | No | No | | | Important | 5.5 | 5.0 |
| Microsoft Graphics Components Information Disclosure Vulnerability | CVE-2020-0607 | No | No | | | Important | 5.5 | 5.0 |
| Microsoft Office Memory Corruption Vulnerability | CVE-2020-0652 | No | No | | | Important | | |
| Microsoft Office Online Spoofing Vulnerability | CVE-2020-0647 | No | No | | | Important | | |
| Microsoft OneDrive for Android Security Feature Bypass Vulnerability | CVE-2020-0654 | No | No | | | Important | | |
| Microsoft Windows Denial of Service Vulnerability | CVE-2020-0616 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
| Microsoft Windows Elevation of Privilege Vulnerability | CVE-2020-0641 | No | No | | | Important | 7.8 | 7.0 |
| Remote Desktop Client Remote Code Execution Vulnerability | CVE-2020-0611 | No | No | | | Critical | 7.5 | 6.7 |
| Remote Desktop Web Access Information Disclosure Vulnerability | CVE-2020-0637 | No | No | | | Important | 5.7 | 5.1 |
| Update Notification Manager Elevation of Privilege Vulnerability | CVE-2020-0638 | No | No | | | Important | 7.8 | 7.0 |
| Win32k Elevation of Privilege Vulnerability | CVE-2020-0624 | No | No | | | Important | 7.8 | 7.0 |
| Win32k Elevation of Privilege Vulnerability | CVE-2020-0642 | No | No | | | Important | 7.8 | 7.0 |
| Win32k Information Disclosure Vulnerability | CVE-2020-0608 | No | No | | | Important | 5.5 | 5.0 |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | CVE-2020-0634 | No | No | More Likely | More Likely | Important | 7.8 | 7.0 |
| Windows Common Log File System Driver Information Disclosure Vulnerability | CVE-2020-0615 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
| Windows Common Log File System Driver Information Disclosure Vulnerability | CVE-2020-0639 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
| Windows CryptoAPI Spoofing Vulnerability | CVE-2020-0601 | No | No | More Likely | More Likely | Important | 8.1 | 7.3 |
| Windows Elevation of Privilege Vulnerability | CVE-2020-0635 | No | No | | | Important | 7.8 | 7.0 |
| Windows Elevation of Privilege Vulnerability | CVE-2020-0644 | No | No | | | Important | 7.8 | 7.0 |
| Windows GDI+ Information Disclosure Vulnerability | CVE-2020-0643 | No | No | | | Important | 5.5 | 5.0 |
| Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | CVE-2020-0612 | No | No | | | Important | 7.5 | 6.7 |
| Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability | CVE-2020-0609 | No | No | | | Critical | 9.8 | 8.8 |
| Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability | CVE-2020-0610 | No | No | | | Critical | 9.8 | 8.8 |
| Windows Search Indexer Elevation of Privilege Vulnerability | CVE-2020-0613 | No | No | | | Important | 7.8 | 7.0 |
| Windows Search Indexer Elevation of Privilege Vulnerability | CVE-2020-0614 | No | No | | | Important | 7.8 | 7.0 |
| Windows Search Indexer Elevation of Privilege Vulnerability | CVE-2020-0623 | No | No | | | Important | 7.8 | 7.0 |
| Windows Search Indexer Elevation of Privilege Vulnerability | CVE-2020-0625 | No | No | | | Important | 7.8 | 7.0 |
| Windows Search Indexer Elevation of Privilege Vulnerability | CVE-2020-0626 | No | No | | | Important | 7.8 | 7.0 |
| Windows Search Indexer Elevation of Privilege Vulnerability | CVE-2020-0627 | No | No | | | Important | 7.8 | 7.0 |
| Windows Search Indexer Elevation of Privilege Vulnerability | CVE-2020-0628 | No | No | | | Important | 7.8 | 7.0 |
| Windows Search Indexer Elevation of Privilege Vulnerability | CVE-2020-0629 | No | No | | | Important | 7.8 | 7.0 |
| Windows Search Indexer Elevation of Privilege Vulnerability | CVE-2020-0630 | No | No | | | Important | 7.8 | 7.0 |
| Windows Search Indexer Elevation of Privilege Vulnerability | CVE-2020-0631 | No | No | | | Important | 7.8 | 7.0 |
| Windows Search Indexer Elevation of Privilege Vulnerability | CVE-2020-0632 | No | No | | | Important | 7.8 | 7.0 |
| Windows Search Indexer Elevation of Privilege Vulnerability | CVE-2020-0633 | No | No | | | Important | 7.8 | 7.0 |
| Windows Security Feature Bypass Vulnerability | CVE-2020-0621 | No | No | | | Important | 4.4 | 4.0 |
| Windows Subsystem for Linux Elevation of Privilege Vulnerability | CVE-2020-0636 | No | No | | | Important | 7.8 | 7.0 |


Johannes B. Ullrich, Ph.D., Dean of Research, SANS Technology Institute

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Reposted from SANS.