Security News > 2020 > January > Warning: Quickly Patch A New Critical Windows 10 Flaw Discovered by the NSA
What's so special about the latest Patch Tuesday is that one of the updates fixes a serious flaw in the core cryptographic component of widely used Windows 10, Server 2016 and 2019 editions that was discovered and reported to the company by the National Security Agency of the United States.
What's more interesting is that this is the first security flaw in Windows OS that the NSA reported responsibly to Microsoft, unlike the Eternalblue SMB flaw that the agency kept secret for at least five years and then was leaked to the public by a mysterious group, which caused WannaCry menace in 2017.
Besides Windows CryptoAPI spoofing vulnerability that has been rated 'important' in severity, Microsoft has also patched 48 other vulnerabilities, 8 of which are critical and rest all 40 are important.
There is no mitigating or workaround available for this vulnerability, so you're highly recommended to install the latest software updates by heading on to your Windows Settings Update & Security Windows Update clicking 'Check for updates on your PC.'.
Other Critical RCE Flaws in Windows Two of the critical issues affect Windows Remote Desktop Gateway, tracked as CVE-2020-0609 and CVE-2020-0610, that can be exploited by unauthenticated attackers to execute malicious code on targeted systems just by sending a specially crafted request via RDP. "This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system," the advisory says.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/2Y3EaAqjlSU/warning-quickly-patch-new-critical.html
Related news
- Critical Security Flaw in WhatsUp Gold Under Active Attack - Patch Now (source)
- Windows 10 KB5041580 update released with 14 fixes, security updates (source)
- Zero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled, patch now (source)
- SolarWinds Releases Patch for Critical Flaw in Web Help Desk Software (source)
- You probably want to patch this critical GitHub Enterprise Server bug now (source)
- New Windows 10 22H2 beta fixes memory leaks and crashes (source)
- SonicWall Issues Critical Patch for Firewall Vulnerability Allowing Unauthorized Access (source)
- Proof-of-concept code released for zero-click critical IPv6 Windows hole (source)
- Windows 10 KB5041582 update released with 5 changes and fixes (source)
- Week in review: SonicWall critical firewalls flaw fixed, APT exploits WPS Office for Windows RCE (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-14 | CVE-2020-0609 | Improper Input Validation vulnerability in Microsoft products A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability'. | 10.0 |
| 2020-01-14 | CVE-2020-0610 | Improper Input Validation vulnerability in Microsoft products A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability'. | 10.0 |