Microsoft Patch Tuesday on 1/14/20 becomes Patch Nightmare
Critical vulnerabilities (8)
CVE-2020-0609 and CVE-2020-0610 are remote code execution vulnerabilities in the Windows Remote Desktop Protocol Gateway Server.
CVE-2020-0611 is a remote code execution vulnerability in the Windows Remote Desktop Protocol client.
CVE-2020-0640 is a memory corruption vulnerability that exists in the way the Internet Explorer web browser handles objects in memory.
Talos’s rule release:
Microsoft Vulnerability CVE-2020-0601: GID 1, SIDs 52593 through 52596 (enabled in the SoC rule set)
Microsoft Vulnerability CVE-2020-0634: GID 1, SIDs 52604 through 52605 (enabled in the Balanced rule set)
Talos has also added and modified multiple rules in the app-detect, browser-chrome, browser-ie, browser-webkit, exploit-kit, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.
Important vulnerabilities (41)
CVE-2020-0601 is a spoofing vulnerability in Windows CryptoAPI. The specific component, crypt32.dll, improperly validates Elliptic Curve Cryptography certificates.
CVE-2020-0616 is a denial-of-service vulnerability in Windows due to the way the operating system handles hard links.
CVE-2020-0654 is a vulnerability in the OneDrive app for Android devices that could allow an attacker to bypass certain security features.
The other important vulnerabilities are: