Microsoft released a set of patches for the serious flaws for the different versions of Windows after the National Security Agency (NSA) discovered and reported a security vulnerability for the Windows platform.
On Tuesday, January 14, Microsoft released a new patch for Windows 10 and Server 2016 after the National Security Agency (NSA) discovered the vulnerabilities.
One of the vulnerabilities, CVE-2020-0601 is critical and the patch should be applied immediately.
The “CVE” in the label stands for Common Vulnerabilities and Exposures, which is a list of known vulnerabilities with a descriptive label or identification number, as well as a description of the vulnerability. This is often what vulnerability scanning software uses to determine if a system has any vulnerabilities.
The CVE-2020-0601 vulnerability can be exploited to undermine Public Key Infrastructure (PKI) trust. Attackers can create a forged certificate to spoof trusted agencies such as web sites, software companies, service providers, etc.
Essentially, an unpatched system would have a hard time determining the legitimacy of software or establishing secure web connections. Then attackers could remotely distribute malware or intercept sensitive data. This signed malware could bypass normal protections, such as antivirus, that only run applications with valid signatures, because it appears valid to the unpatched system.
Windows 10 is the most-used operating system and is installed on more than 900 million PCs.
Another set of vulnerabilities discovered, CVE-2020-0609, CVE-2020-0610, and CVE-2020-0611, affect Windows Servers 2012 and newer. Additionally, CVE-2020-0611 affects Windows 7 and newer. This set of vulnerabilities affect the Windows Remote Desktop Client and RD Gateway Server, which allows for remote code execution where arbitrary code could be run freely. The server vulnerabilities do not require authentication or user interaction. The client vulnerability would enable a user to connect to a malicious server.
The reason this is a big issue and reported everywhere is these vulnerabilities can have a severe impact on end users. There can be disruptions in day-to-day business, temporary or permanent loss of sensitive data, and potential harm to an organization’s reputation. All of these can lead to financial losses related to restoring files and systems and dealing with possible breach notifications and actions.
The best course of action is to check for available updates immediately and install them. If you have a notification that updates are needing to be installed and your system needs to restart to do this, restart the computer. Don’t wait until the end of the day or the end of the work week.
To see if you currently have any of these vulnerabilities and more, contact us today. We can run a quick vulnerability scan or we can conduct a penetration test and see if there is anything we can exploit, with your permission.