Microsoft released a security update under Patch Tuesday and fixed nearly 50 security vulnerabilities that affected various Microsoft product and the patch is available for 900 million Windows users.

Microsoft issued a patch for various software products including the following:

  • Microsoft Windows
  • Internet Explorer
  • Microsoft Office and Microsoft Office Services and Web Apps
  • ASP.NET Core
  • .NET Core
  • .NET Framework
  • OneDrive for Android
  • Microsoft Dynamics

Among 49 vulnerabilities, 7 of them marked as “critical” severity, 41 categorized as “Important” and one vulnerability fixed as “Moderate severity”

Most of the critical vulnerabilities (CVE-2020-0606), (CVE-2020-0605) affected the .Net Framework and it allows an attacker to execute arbitrary code remotely in the context of the current user.

If the user logged in as admin, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Another remote code execution infection vulnerability (CVE-2020-0646) exists when the Microsoft .NET Framework fails to validate input properly and it leads to an attacker who successfully exploited this vulnerability could take control of an affected system. 

Microsoft fixed a remote code execution vulnerabilities(CVE-2020-0611), (CVE-2020-0609) that existing in Windows RDP  Client when a user connects to a malicious server. n attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. 

Crypto Vulnerability Reported by NSA

Microsoft also fixed a critical cryptographic vulnerability that affects Windows 10, Clients & Servers Discovered By NSA.

The vulnerability can be tracked as CVE-2020-0601 and the successful exploitation of the vulnerability allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software.

Windows users are recommended to immediately patch the critical Cryptographic vulnerability that existing in the Windows CryptoAPI (Crypt32.dll).

NSA Consider this vulnerability is severe and the sophisticated cyber criminals easily exploit this vulnerability as well as it has widespread if the system will not be patched.

Microsoft Security Updates

.NET Framework

1.NET FrameworkCVE-2020-0606.NET Framework Remote Code Execution Vulnerability
2.NET FrameworkCVE-2020-0605.NET Framework Remote Code Execution Vulnerability
3.NET FrameworkCVE-2020-0646.NET Framework Remote Code Execution Injection Vulnerability

Windows RDP

1Windows RDPCVE-2020-0609Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability
2Windows RDPCVE-2020-0637Remote Desktop Web Access Information Disclosure Vulnerability
3Windows RDPCVE-2020-0612Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
4Windows RDPCVE-2020-0611Remote Desktop Client Remote Code Execution Vulnerability
5Windows RDPCVE-2020-0610Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability

Microsoft Windows

1Microsoft WindowsCVE-2020-0644Windows Elevation of Privilege Vulnerability
2Microsoft WindowsCVE-2020-0624Win32k Elevation of Privilege Vulnerability
3Microsoft WindowsCVE-2020-0635Windows Elevation of Privilege Vulnerability
4Microsoft WindowsCVE-2020-0620Microsoft Cryptographic Services Elevation of Privilege Vulnerability
5Microsoft WindowsCVE-2020-0616Microsoft Windows Denial of Service Vulnerability
6Microsoft WindowsCVE-2020-0608Win32k Information Disclosure Vulnerability
7Microsoft WindowsCVE-2020-0601Windows CryptoAPI Spoofing Vulnerability
8Microsoft WindowsCVE-2020-0621Windows Security Feature Bypass Vulnerability

Microsoft Windows Search Component

1Microsoft Windows Search ComponentCVE-2020-0633Windows Search Indexer Elevation of Privilege Vulnerability
2Microsoft Windows Search ComponentCVE-2020-0623Windows Search Indexer Elevation of Privilege Vulnerability
3Microsoft Windows Search ComponentCVE-2020-0613Windows Search Indexer Elevation of Privilege Vulnerability
4Microsoft Windows Search ComponentCVE-2020-0614Windows Search Indexer Elevation of Privilege Vulnerability
5Microsoft Windows Search ComponentCVE-2020-0632Windows Search Indexer Elevation of Privilege Vulnerability
6Microsoft Windows Search ComponentCVE-2020-0627Windows Search Indexer Elevation of Privilege Vulnerability
7Microsoft Windows Search ComponentCVE-2020-0628Windows Search Indexer Elevation of Privilege Vulnerability
8Microsoft Windows Search ComponentCVE-2020-0625Windows Search Indexer Elevation of Privilege Vulnerability
9Microsoft Windows Search ComponentCVE-2020-0626Windows Search Indexer Elevation of Privilege Vulnerability
10Microsoft Windows Search ComponentCVE-2020-0629Windows Search Indexer Elevation of Privilege Vulnerability
11Microsoft Windows Search ComponentCVE-2020-0631Windows Search Indexer Elevation of Privilege Vulnerability
12Microsoft Windows Search ComponentCVE-2020-0630Windows Search Indexer Elevation of Privilege Vulnerability

Microsoft Office

1Microsoft OfficeCVE-2020-0650Microsoft Excel Remote Code Execution Vulnerability
2Microsoft OfficeCVE-2020-0652Microsoft Office Memory Corruption Vulnerability
3Microsoft OfficeCVE-2020-0653Microsoft Excel Remote Code Execution Vulnerability
4Microsoft OfficeCVE-2020-0651Microsoft Excel Remote Code Execution Vulnerability
5Microsoft OfficeCVE-2020-0647Microsoft Office Online Spoofing Vulnerability

Other software products

1AppsCVE-2020-0654Microsoft OneDrive for Android Security Feature Bypass Vulnerability
2ASP.NETCVE-2020-0603ASP.NET Core Remote Code Execution Vulnerability
3ASP.NETCVE-2020-0602ASP.NET Core Denial of Service Vulnerability
4Common Log File System DriverCVE-2020-0615Windows Common Log File System Driver Information Disclosure Vulnerability
5Common Log File System DriverCVE-2020-0634Windows Common Log File System Driver Elevation of Privilege Vulnerability
6Common Log File System DriverCVE-2020-0639Windows Common Log File System Driver Information Disclosure Vulnerability
7Microsoft DynamicsCVE-2020-0656Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
8Windows Hyper-VCVE-2020-0617Hyper-V Denial of Service Vulnerability
9Windows MediaCVE-2020-0641Microsoft Windows Elevation of Privilege Vulnerability
10Windows Subsystem for LinuxCVE-2020-0636Windows Subsystem for Linux Elevation of Privilege Vulnerability
11Windows Update StackCVE-2020-0638Update Notification Manager Elevation of Privilege

Microsoft strongly recommended installing these security updates for all the windows users to avoid the security risk and protect your Windows.

You can refer the complete patch details for the full list of vulnerabilities resolved, advisories, in the Jan 2020 Patch here.

Also Read: What is the Difference Between Authentication vs Authorization?

Leave a Reply