Microsoft Patch Tuesday on 1/14/20 becomes Patch Nightmare


Microsoft’s updates on Tuesday 1/14/20 created serious vulnerabilities across the board. It was SO serious that Microsoft secretly pushed out an update later that same night to the U.S. Military. There were a total of 49 vulnerabilities, eight of which are considered critical.
You can fix this with Cisco Firepower, but first understand that you are NOT protected if you are using the default Snort rule set, Balanced Security and Connectivity, which is the one Cisco recommends! Why? Because the rules needed to solve this issue are high overhead and disabled (read my other post on why this is:
…and based on my other post and recommendations, if you were using Security over Connectivity, you would have been protected by default!
I will always recommend using the SoC IPS base policy, but it does mean you have some network analysis to do...
Here are the details of the MS update:
In all, this release includes 22 new rules and five modified rules.

Critical vulnerabilities (8)

CVE-2020-0603, CVE-2020-0605, CVE-2020-0606 and CVE-2020-0646 are all remote code execution vulnerabilities in the .NET and ASP.NET core software.
CVE-2020-0609 and CVE-2020-0610 are remote code execution vulnerabilities in the Windows Remote Desktop Protocol Gateway Server.
CVE-2020-0611 is a remote code execution vulnerability in the Windows Remote Desktop Protocol client.
CVE-2020-0640 is a memory corruption vulnerability that exists in the way the Internet Explorer web browser handles objects in memory.

Talos’s rule release:

Microsoft Vulnerability CVE-2020-0601: GID 1, SIDs 52593 through 52596 (enabled in the SoC rule set)

Microsoft Vulnerability CVE-2020-0634: GID 1, SIDs 52604 through 52605 (enabled in the Balanced rule set)

Talos also has added and modified multiple rules in the app-detect, browser-chrome, browser-ie, browser-webkit, exploit-kit, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.
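
To check a rule set for the SIDs listed above, here is an added example (not from the original post and not Cisco or Talos code) that scans Snort rule text and reports which of those SIDs are active, commented out, or absent. It assumes a plain-text rules file in which a disabled rule is commented out with `#`; the function names and the sample rule bodies are constructed for illustration and are not the Talos rule text.

```python
import re

# SID ranges as listed in the post (all GID 1).
REQUIRED = {
    "CVE-2020-0601": range(52593, 52597),
    "CVE-2020-0634": range(52604, 52606),
}
# A rule line, optionally commented out (assumed way of disabling it in a text file).
RULE = re.compile(r"^\s*(#\s*)?(?:alert|drop|sdrop|reject|pass|log)\s.*\(.*\)\s*$")
SID = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
GID = re.compile(r"\bgid\s*:\s*(\d+)\s*;")

SAMPLE_RULES = """\
# Constructed sample: placeholder rule bodies, not the Talos rule text.
# alert tcp any any -> any any (msg:"placeholder 0601 a"; sid:52593; rev:1;)
alert tcp any any -> any any (msg:"placeholder 0601 b"; sid:52594; rev:1;)
# alert tcp any any -> any any (msg:"placeholder 0601 c"; sid:52595; rev:1;)
alert tcp any any -> any any (msg:"other generator"; gid:3; sid:52596; rev:1;)
alert tcp any any -> any any (msg:"placeholder 0634 a"; sid:52604; rev:1;)
alert tcp any any -> any any (msg:"placeholder 0634 b"; gid:1; sid:52605; rev:1;)
"""

def rule_states(text):
    """Map (gid, sid) -> True if the rule is active, False if commented out."""
    states = {}
    for line in text.splitlines():
        m = RULE.match(line)
        sid = SID.search(line)
        if not (m and sid):
            continue  # ordinary comment, blank line, or no sid option
        gid = GID.search(line)
        key = (int(gid.group(1)) if gid else 1, int(sid.group(1)))  # gid defaults to 1
        # An active copy wins over a commented-out duplicate of the same rule.
        states[key] = states.get(key, False) or m.group(1) is None
    return states

def coverage(text):
    """Per CVE, sort the required GID 1 SIDs into enabled / disabled / missing."""
    states = rule_states(text)
    report = {}
    for cve, sids in REQUIRED.items():
        report[cve] = {
            "enabled": [s for s in sids if states.get((1, s)) is True],
            "disabled": [s for s in sids if states.get((1, s)) is False],
            "missing": [s for s in sids if (1, s) not in states],
        }
    return report

print(coverage(SAMPLE_RULES))
```

In the constructed sample, SID 52596 is reported as missing because the only rule carrying that number belongs to a different generator (GID 3), which is not the rule the post refers to.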

Important vulnerabilities (41)

CVE-2020-0601 is a spoofing vulnerability in Windows CryptoAPI. The specific component, crypt32.dll, improperly validates Elliptic Curve Cryptography certificates.

CVE-2020-0616 is a denial-of-service vulnerability in Windows due to the way the operating system handles hard links.

CVE-2020-0654 is a vulnerability in the OneDrive app for Android devices that could allow an attacker to bypass certain security features.

The other important vulnerabilities are:
