Critical Patches Issued for Microsoft Products, January 14, 2020

ITS ADVISORY NUMBER: 
2020-005

DATE(S) ISSUED: 
Tuesday, January 14, 2020

SUBJECT: 
Critical Patches Issued for Microsoft Products, January 14, 2020

OVERVIEW: 
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

THREAT INTELLIGENCE:

Due to the critical vulnerability CVE-2020-0601 included in this roll up in which addresses a certificate validation vulnerability in the cryptographic library crypt32.dll we strongly advise patching all affected systems immediately.  For more information on this vulnerability see https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601

SYSTEMS AFFECTED: 

  • .NET Core 2.1, 3.0, 3.1
  • ASP.NET Core 2.1, 3.0, 3.1
  • Dynamics 365 Field Service
  • Internet Explorer 10, 11, 9
  • Microsoft .NET Framework 3.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8
  • Microsoft Excel 2010, 2013, 2013 RT, 2016
  • Microsoft Office 2010, 2013, 2016, 2019
  • Office 365
  • Office Online Server
  • One Drive for Android
  • Windows 10, 7, 8.1
  • Windows RT 8.1
  • Windows Server 2008 R2, 2008, 2012, 2012 R2, 2016, 2019
  • Windows Server, version 1803, 1903, 1909

RISK:
Government:
Large and medium government entities: High
Small government entities: High

Business:
Large and medium business entities: High
Small business entities: High

Home Users: High

DESCRIPTION: 
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution.  

A full list of all vulnerabilities can be found at the link below.

Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

ACTIONS: 

  • After appropriate testing, immediately apply patches or mitigations provided by Microsoft to vulnerable systems. 
  • Run all software as a non-privileged user (one without administrative rights) to diminish the effects of a successful attack.  
  • Remind all users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
  • Inform and educate users regarding threats posed by hypertext links contained in emails or attachments especially from untrusted sources.
  • Apply the Principle of Least Privilege to all systems and services.

REFERENCES: 

Microsoft:
https://portal.msrc.microsoft.com/en-us/security-guidance
https://portal.msrc.microsoft.com/en-us/security-guidance/summary

NSA:
https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-...

CISA:
https://cyber.dhs.gov/ed/20-02/
https://www.us-cert.gov/ncas/alerts/aa20-014a

CVES:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1491
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0601
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0602
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0603
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0605
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0606
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0607
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0608
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0609
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0610
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0611
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0612
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0613
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0614
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0615
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0616
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0617
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0620
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0621
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0622
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0623
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0624
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0625
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0626
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0627
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0628
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0629
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0630
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0631
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0632
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0633
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0634
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0635
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0636
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0637
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0638
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0639
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0640
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0641
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0642
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0643
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0644
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0646
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0647
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0650
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0651
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0652
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0653
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0654
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0656