Security News > 2020 > January > Warning: Quickly Patch A New Critical Windows 10 Flaw Discovered by the NSA
What's so special about the latest Patch Tuesday is that one of the updates fixes a serious flaw in the core cryptographic component of widely used Windows 10, Server 2016 and 2019 editions that was discovered and reported to the company by the National Security Agency of the United States.
What's more interesting is that this is the first security flaw in Windows OS that the NSA reported responsibly to Microsoft, unlike the Eternalblue SMB flaw that the agency kept secret for at least five years and then was leaked to the public by a mysterious group, which caused WannaCry menace in 2017.
Besides Windows CryptoAPI spoofing vulnerability that has been rated 'important' in severity, Microsoft has also patched 48 other vulnerabilities, 8 of which are critical and rest all 40 are important.
There is no mitigating or workaround available for this vulnerability, so you're highly recommended to install the latest software updates by heading on to your Windows Settings Update & Security Windows Update clicking 'Check for updates on your PC.'.
Other Critical RCE Flaws in Windows Two of the critical issues affect Windows Remote Desktop Gateway, tracked as CVE-2020-0609 and CVE-2020-0610, that can be exploited by unauthenticated attackers to execute malicious code on targeted systems just by sending a specially crafted request via RDP. "This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system," the advisory says.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/2Y3EaAqjlSU/warning-quickly-patch-new-critical.html
Related news
- Windows 10 KB5051974 update force installs new Microsoft Outlook app (source)
- Windows 10 KB5052077 update fixes broken SSH connections (source)
- Windows 10 KB5053606 update fixes broken SSH connections (source)
- Choose your own Patch Tuesday adventure: Start with six zero day fixes, or six critical flaws (source)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- New Windows zero-day leaks NTLM hashes, gets unofficial patch (source)
- CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) (source)
- Mozilla warns Windows users of critical Firefox sandbox escape flaw (source)
- Still Using an Older Version of iOS or iPadOS? Update Now to Patch These Critical Security Vulnerabilities (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-14 | CVE-2020-0609 | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability'. | 9.8 |
| 2020-01-14 | CVE-2020-0610 | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability'. | 9.8 |