The vulnerabilities
Tracked as CVE-2020-0601, CVE-2020-0609, CVE-2020-0610 and CVE-2020-0611, these vulnerabilities were announced along with patches on 15 January 2020 (AEDT) as part of Microsoft's January 2020 security updates.
CVE-2020-0601 – Important
The certificate validation vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. It could allow an adversary to spoof a code-signing or TLS certificate and have it appear as valid. In addition, this vulnerability may allow remote code execution. The Microsoft security patch also creates a new log event with event ID 1 in the Windows Application event log to record attempted exploitation of this vulnerability.
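The following added example (not part of the original advisory or of Microsoft's guidance) filters an XML export of the Application log for event ID 1 records that name CVE-2020-0601, so that unrelated applications using the same event ID are not counted. The provider name Microsoft-Windows-Audit-CVE, the CVE and AdditionalDetails field names, the export command and the sample events are assumptions constructed for illustration and are not stated in the advisory.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
PROVIDER = "Microsoft-Windows-Audit-CVE"  # assumption: not named in the advisory

# Constructed sample (not real telemetry), shaped like `wevtutil qe Application /f:xml`.
SAMPLE = """
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Audit-CVE"/><EventID>1</EventID>
    <TimeCreated SystemTime="2020-01-16T03:12:45.000Z"/>
    <Computer>ws01.example.test</Computer></System>
  <EventData><Data Name="CVE">[CVE-2020-0601] cert validation</Data>
    <Data Name="AdditionalDetails">CA: constructed sample</Data></EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="ExampleApp"/><EventID>1</EventID>
    <TimeCreated SystemTime="2020-01-16T03:13:00.000Z"/>
    <Computer>ws01.example.test</Computer></System>
  <EventData><Data Name="Message">unrelated event that also uses ID 1</Data></EventData>
</Event>
"""

def find_cve_audit_events(xml_text, cve_id="CVE-2020-0601"):
    """Return one dict per event ID 1 record from PROVIDER that names cve_id."""
    # The export is a run of sibling <Event> elements with no root, so wrap it.
    root = ET.fromstring("<Events>" + xml_text + "</Events>")
    hits = []
    for ev in root.findall("e:Event", NS):
        system = ev.find("e:System", NS)
        if system is None:
            continue
        provider = system.find("e:Provider", NS)
        event_id = system.findtext("e:EventID", default="", namespaces=NS).strip()
        # Event ID 1 alone is not specific: require the audit provider as well.
        if provider is None or provider.get("Name") != PROVIDER or event_id != "1":
            continue
        data = {d.get("Name"): (d.text or "")
                for d in ev.findall("e:EventData/e:Data", NS)}
        if cve_id not in data.get("CVE", ""):
            continue
        created = system.find("e:TimeCreated", NS)
        hits.append({
            "time": created.get("SystemTime") if created is not None else None,
            "computer": system.findtext("e:Computer", default="", namespaces=NS),
            "cve": data.get("CVE", ""),
            "details": data.get("AdditionalDetails", ""),
        })
    return hits
```

Because the event is created by the patch, hosts that have not been updated will not log it, and an empty result on those hosts says nothing about exploitation attempts.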
CVE-2020-0609 and CVE-2020-0610 – Critical
CVE-2020-0609 and CVE-2020-0610 are both remote code execution vulnerabilities in Windows Remote Desktop Gateway (RD Gateway), where an unauthenticated attacker can connect to the RD Gateway over RDP and send specially crafted requests to the target system. This can allow a malicious actor to install software, modify/create user accounts, or modify data on the RD Gateway.
CVE-2020-0611 – Critical
CVE-2020-0611 is a remote code execution vulnerability which exists in the Windows Remote Desktop Client. When a user connects to a malicious server via RDP, an attacker could exploit this vulnerability and execute arbitrary code on the connecting computer as the user. This can allow an adversary to install software, modify/create user accounts, or modify data on a client's computer.
Affected products and versions
CVE-2020-0601
- Windows 10
- Windows Server 2016
- Windows Server 2019
CVE-2020-0609 and CVE-2020-0610
- Affects all supported Windows Server versions where Remote Desktop Gateway is installed.
CVE-2020-0611
- All supported versions of Windows Server and Desktop, including Windows 7 and Windows 2008 R2, which reached end of life on 14 January 2020.