January 2020 Patching Cycle Addresses 49 Vulnerabilities

by Michael Bright, Consultant

Endpoint and server patching have become more important than ever before. Creating and maintaining a culture of security and defense should be a high priority in any organization, regardless of the size of the business or the service or product it provides.

While many of us were still trying to put away the tinsel and dig out from under the holiday clutter, Microsoft was busy preparing patches to address the latest vulnerabilities targeting both server and desktop operating systems. If you thought you were getting shiny new bells and whistles in your stockings from Microsoft this year, think again.

Just two weeks after the start of the new year, and with a little help from the NSA, Microsoft identified and released fixes to patch 49 vulnerabilities. This latest set of fixes comes as part of their monthly “Patch Tuesday” release. In addition to a flaw in Windows CryptoAPI, the Remote Desktop Client and the Remote Desktop Gateway were identified as being exploitable for remote code execution.

Windows CryptoAPI is an API (application programming interface) that allows developers to secure apps using cryptography. The most recent vulnerability gives an attacker the potential to “spoof” a certificate, fooling the host machine into trusting an application and allowing it to execute. This allows attackers to obtain encryption keys and ultimately access protected data.

The Remote Desktop Gateway vulnerability potentially allows remote code execution on target systems. An attacker sends specific requests to the host machine to gain access, and the attack requires no authentication or end-user interaction. The vulnerability affects all supported versions of Windows Server; however, support for Server 2008 ended January 14th of this year.

The Remote Desktop Client vulnerability is very similar to those mentioned above but requires the end-user of the host to connect to a malicious server. The client connection is what gives the attacker the ability to execute code.

Windows 7 and several other widely used products are now considered end of life, making it critical that organizations work towards deploying and supporting modern operating systems. It is also paramount to develop and govern processes for server and client patching in your organization. In today’s world, these types of vulnerabilities will likely be the norm. Knowing that your organization has laid the foundation for regular security patching helps system administrators get a better night’s sleep, and possibly even a little more time to box up the last of the holiday decorations.

I strongly encourage you to read up on the January 2020 release notes for further information regarding this month’s patching event. Read more here: https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Jan

We’re here to help! If you would like more information on how Divurgent can help keep your environment secure and healthy, please reach out to info@divurgent.com.

Resources:
CVE-2020-0601, CVE-2020-0609, CVE-2020-0610, CVE-2020-0611

About Divurgent

At Divurgent, a healthcare IT solutions firm, we’re focused on what matters most to our client partners. We use data-infused, flexible, and scalable solutions that demonstrate and quantify real value. With a Team committed to IT evolution, we deploy tailored solutions that help our clients achieve operational effectiveness, improved financial performance, and quality experiences.