News

Install the security updates from the first Microsoft Patch Tuesday as soon as possible

Microsoft released a comprehensive set of security updates on the first Patch Tuesday, last Tuesday, January 14, under the heading “2020-01 Cumulative Update for Windows 10 Version [Windows version] for x64 Systems (KB4528760)”.

This 2020-01 cumulative security update contains two very important fixes that need to be installed as soon as possible.

  1. Windows CryptoAPI spoofing vulnerability
  2. Vulnerabilities in the Remote Desktop Gateway server and RDP client software

The first fix is intended for Windows 10 and Windows Server 2016/2019 and prevents users with malicious intent from spoofing secure connections that use so-called ECC certificates.

These include HTTPS connections, secure files and emails, and secure executables that appear to come from a trusted source but contain malware. Because the system automatically trusts these types of protected files, installation takes place without warning.

A website that is considered secure because its HTTPS connection is protected by a trusted ECC certificate can in fact be a malicious phishing site.

The second fix is intended to resolve problems with both the RDP (Remote Desktop) client and the RDP gateway server. It applies to the RDP client on Windows 10 desktops and to the gateway server on Windows Server 2012R2 or later.

By abusing this vulnerability, an attacker can gain access to the corporate network through an unpatched gateway server.

This is a bit like the recent problems with Citrix software, which also allow an attacker to access the internal network via an unpatched Citrix system, and which recently put the hospital in Leeuwarden in the news.

Dionar recommends installing this January's security updates on both Windows 10 desktops and Windows Server 2012R2/2016/2019 servers as soon as possible. It is best to start with the systems that are accessible from the Internet (web servers, RDP gateway servers) and then move on to systems that frequently browse the Internet.

Systems that are not allowed on the Internet can then be tackled last.

If your systems are managed by Dionar, we will provide the updates through our automated system.