Microsoft Announces January Security Patches

by Richard Charlton
Senior Systems Engineer

Yesterday, Microsoft released the latest patches for its Windows Operating Systems and Microsoft Office products. These address several security vulnerabilities as well as containing bug fixes.

Most notably this month is a patch for Windows CryptoAPI Spoofing Vulnerability which has been catalogued as CVE-2020-0601. This vulnerability exists in all versions of Windows and may allow an attacker to trick a user into installing malicious software by impersonating a code signing certificate of a reputable vendor.

Another high priority vulnerability relates to Remote Desktop Gateway in all versions of Windows Server. Catalogued as CVE-2020-0637, this vulnerability could allow a successful attacker to obtain legitimate user credentials from Remote Desktop Web Access due to it improperly handling credential information.

Finally, several vulnerabilities have been found in Microsoft Office that may allow for arbitrary code execution if a user is tricked into opening a malicious file.

As always, Helient recommends testing and installing Microsoft patches in a timely manner as part of a regular patch cycle. In the interim, users should continue to use caution when receiving files from unknown sources.

This month’s vulnerabilities were not disclosed prior to the release of the patches and there are no known exploits at this time.

Further details regarding this month’s patches can be found at:

• https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Jan

If you would like more information or assistance from our industry-leading team of experts, please contact us at service@helient.com.