Security News > 2020 > January > Warning: Quickly Patch A New Critical Windows 10 Flaw Discovered by the NSA
What's so special about the latest Patch Tuesday is that one of the updates fixes a serious flaw in the core cryptographic component of widely used Windows 10, Server 2016 and 2019 editions that was discovered and reported to the company by the National Security Agency of the United States.
What's more interesting is that this is the first security flaw in Windows OS that the NSA reported responsibly to Microsoft, unlike the Eternalblue SMB flaw that the agency kept secret for at least five years and then was leaked to the public by a mysterious group, which caused WannaCry menace in 2017.
Besides Windows CryptoAPI spoofing vulnerability that has been rated 'important' in severity, Microsoft has also patched 48 other vulnerabilities, 8 of which are critical and rest all 40 are important.
There is no mitigating or workaround available for this vulnerability, so you're highly recommended to install the latest software updates by heading on to your Windows Settings Update & Security Windows Update clicking 'Check for updates on your PC.'.
Other Critical RCE Flaws in Windows Two of the critical issues affect Windows Remote Desktop Gateway, tracked as CVE-2020-0609 and CVE-2020-0610, that can be exploited by unauthenticated attackers to execute malicious code on targeted systems just by sending a specially crafted request via RDP. "This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system," the advisory says.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/2Y3EaAqjlSU/warning-quickly-patch-new-critical.html
Related news
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits (source)
- Windows 10 KB5044273 update released with 9 fixes, security updates (source)
- VMware fixes bad patch for critical vCenter Server RCE flaw (source)
- Windows 10 KB5045594 update fixes multi-function printer bugs (source)
- Microsoft fixes Windows 10 bug causing apps to stop working (source)
- Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices (source)
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- Windows 10 KB5046613 update released with fixes for printer bugs (source)
- Patch Tuesday: Four Critical Vulnerabilities Paved Over (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-14 | CVE-2020-0609 | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability'. | 9.8 |
| 2020-01-14 | CVE-2020-0610 | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability'. | 9.8 |