Security News > 2020 > January > Microsoft fixes critical bugs in CryptoAPI, RD Gateway and .NET

Microsoft fixes critical bugs in CryptoAPI, RD Gateway and .NET
2020-01-15 12:10

The CryptoAPI cryptographic bug that Microsoft reported in its Patch Tuesday release yesterday was so big that it warranted its own story.

Among the most serious bugs were remote code execution flaws affecting the Windows Remote Desktop Gateway, which is a Microsoft service that lets authorised remote users connect to resources on a network via the Remote Desktop Connection client.

These pre-authentication bugs don't require any user interaction to exploit, and involve an attacker sending a specially crafted request via RDP. Labelled CVE-2020-0609 through 11, the bugs affect Windows Server 2012 and 2012 R2, along with Windows Server 2016 and 2019.

There were several other critical bugs in Microsoft's patch this month, all overshadowed by the cryptographic whopper that we cover elsewhere but still important to everyday users and admins.

The.NET framework had its fair share of critical bugs this month.


News URL

https://nakedsecurity.sophos.com/2020/01/15/microsoft-fixes-critical-bugs-in-cryptoapi-rd-gateway-and-net/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2020-01-14 CVE-2020-0609 Unspecified vulnerability in Microsoft products
A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability'.
network
low complexity
microsoft
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 365 50 1369 2819 161 4399