Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Microsoft’s January 2020 Patch Tuesday Kicks Off the New Year with 49 New CVEs

Microsoft kicks off 2020 by patching 49 CVEs, eight of which are rated as critical.

Microsoft rang in 2020 with 49 CVEs addressed in the January 2020 Patch Tuesday release. This update contains 12 remote code execution flaws and eight vulnerabilities that are rated as critical. This month’s updates include patches for Microsoft Windows, Microsoft Office, Internet Explorer, .NET Framework, NET Core, ASP.NET Core and Microsoft Dynamics. The following is a breakdown of the most important CVEs from this month’s release.

CVE-2020-0601 | Windows CryptoAPI spoofing vulnerability

CVE-2020-0601 is a spoofing vulnerability in crypt32.dll, a core cryptographic module in Microsoft Windows responsible for implementing certificate and cryptographic messaging functions in Microsoft’s CryptoAPI. For a more detailed examination of this vulnerability, check out our blog post here.

CVE-2020-0609 and CVE-2020-0610 | Windows Remote Desktop Gateway (RD Gateway) remote code execution vulnerability

In the wake of critical pre-authentication flaws from 2019, including BlueKeep (CVE-2019-0708) and DejaBlue (CVE-2019-1181, CVE-2019-1182, CVE-2019-1222 CVE-2019-1226), Microsoft has patched two new remote desktop flaws, this time in the Windows Remote Desktop Gateway (RD Gateway). CVE-2019-0609 and CVE-2019-0610 are both pre-authentication remote code execution vulnerabilities, which can be exploited when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. Microsoft notes these flaws have not yet been exploited in the wild, but rates these both as ‘Exploitation More Likely.’ Patches have been released for Server 2012, Server 2012 R2, Server 2016 and Server 2019.

CVE-2020-0611 | Remote Desktop Client remote code execution vulnerability

CVE-2020-0611 is a remote code execution vulnerability that exists in the Windows Remote Desktop Client. Exploitation of this flaw would allow an attacker to execute arbitrary code on the machine of the connected client. To successfully exploit this flaw, an attacker would have to convince a user to connect to a malicious server, making exploitation of this flaw less likely. While this flaw is only scored as a CVSS 7.5, Microsoft still rates this as critical severity.

CVE-2020-0605, CVE-2020-0606 and CVE-2020-0646 | .NET Framework remote code execution vulnerability

CVE-2020-0605, CVE-2020-0606, and CVE-2020-0646 are remote code execution vulnerabilities in .NET Framework. Exploitation of these vulnerabilities requires that a user open a specially crafted file with an affected version of .NET Framework. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.

CVE-2020-0603 | ASP.NET Core remote code execution vulnerability

CVE-2020-0603 is a remote code execution vulnerability in ASP.NET. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of ASP.NET Core. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.

CVE-2020-0650, CVE-2020-0651 and CVE-2019-0653 | Microsoft Excel remote code execution vulnerability

This month, Microsoft released 3 CVEs for remote code execution vulnerabilities in Microsoft Excel: CVE-2020-0650, CVE-2020-0651 and CVE-2020-0653. These flaws exist due to a flaw in properly handling objects in memory. Successful exploitation of these vulnerabilities would allow an attacker to execute arbitrary code in the context of the current user. To exploit these flaws, an attacker would need to convince a logged-in user to open a specially crafted file with an affected version of Microsoft Excel.

Windows 7 and Server 2008 R2 end of support

As a reminder, Windows 7 and Server 2008 support was discontinued on January 14, 2020, so we strongly recommend identifying and upgrading end-of-life systems. Plugin ID 122615 (Microsoft Windows 7 / Server 2008 R2 Unsupported Version Detection) can be used to identify the OS running on a target to assist in identifying end-of-support devices.

Tenable solutions

Users can create scans that focus specifically on our Patch Tuesday plugins. From a new advanced scan, in the plugins tab, set an advanced filter for Plugin Name Contains January 2020.

Plugin Name Contains January 2020

With that filter set, click the plugin families to the left, and enable each plugin that appears on the right side. Note: If your families on the left say Enabled, then all the plugins in that family are set. Disable the whole family before selecting the individual plugins for this scan. Here’s an example from Tenable.io:

Plugin Family

A list of all the plugins released for Tenable’s January 2020 Patch Tuesday update can be found here. As always, we recommend patching systems as soon as possible and regularly scanning your environment to identify those systems yet to be patched.

Get more information

Join Tenable's Security Response Team on the Tenable Community.

Learn more about Tenable, the first Cyber Exposure platform for holistic management of your modern attack surface.

Get a free 30-day trial of Tenable.io Vulnerability Management.

Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io

FREE FOR 30 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,275

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, email, community and chat support 24 hours a day, 365 days a year. Full details here.

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 30 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 30 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.

Try for Free Contact Sales

Try Tenable Lumin

FREE FOR 30 DAYS

Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.