
Microsoft fixes critical bugs in CryptoAPI, RD Gateway and .NET
2020-01-15 12:10

The CryptoAPI cryptographic bug that Microsoft reported in its Patch Tuesday release yesterday was so big that it warranted its own story.

Among the most serious bugs were remote code execution flaws affecting the Windows Remote Desktop Gateway, which is a Microsoft service that lets authorised remote users connect to resources on a network via the Remote Desktop Connection client.

These pre-authentication bugs don't require any user interaction to exploit, and involve an attacker sending a specially crafted request via RDP. Labelled CVE-2020-0609 through 11, the bugs affect Windows Server 2012 and 2012 R2, along with Windows Server 2016 and 2019.

There were several other critical bugs in Microsoft's patch this month, all overshadowed by the cryptographic whopper that we cover elsewhere but still important to everyday users and admins.

The .NET framework had its fair share of critical bugs this month.


News URL

https://nakedsecurity.sophos.com/2020/01/15/microsoft-fixes-critical-bugs-in-cryptoapi-rd-gateway-and-net/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2020-01-14 | CVE-2020-0609 | Improper Input Validation vulnerability in Microsoft products (network, low complexity, microsoft, CWE-20) | critical, 10.0

A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability'.

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 725 810 4726 4731 3648 13915