Skip to main content
NewsPatch ManagementPatch Tuesday

Microsoft’s January 2020 Patch Tuesday Resolves 49 Vulnerabilities

By January 14, 2020June 22nd, 2022No Comments
||

Microsoft’s January 2020 Patch Tuesday Resolves 49 Vulnerabilities

The official Patch Tuesday updates have arrived for January, including 49 vulnerability fixes. Today also marks the official end-of-life for Windows 7.
[vc_empty_space]
[vc_single_image image=”36712″ img_size=”full”]

Exploring the Latest Patch Tuesday Updates

For the first month of the decade, Microsoft released 49 updates.

There are 8 Critical with the remaining 41 marked Important and 2 which we would consider Zero Day / 0-Day. Of the 41 Important updates, 21 are marked as CVSS score High.

End of an Era

Windows 7 and Windows Server 2008 (including R2) has become end-of-life for general release of patches as of today.

In this release, there is a modest number of these, which we highly recommend you install as soon as possible. If you have not already done so, you should be looking at migrating to another operating systems (e.g. Windows 10 for continued support).

Zero Day Patches for Windows Remote Desktop Gateway

CVE-2020-0609 and CVE-2020-0610 have CVSS scores of 9.8. These are urgent because this vulnerability is pre-authentication and requires no user interaction—it impacts Windows Server from 2012 onwards.

There are no counter measures available for this threat, therefore deploying these updates should be your IT Security Managers highest priority.

Urgent Patch Priority

The following patches have only been ranked as Important by Microsoft, however the independent CVSS Score has ranked these between 7.8 and up to 8.1. This would indicate these are important enough to prioritize.

  • CVE-2020-0601
  • CVE-2020-0613
  • CVE-2020-0614
  • CVE-2020-0620
  • CVE-2020-0623
  • CVE-2020-0624
  • CVE-2020-0625
  • CVE-2020-0626
  • CVE-2020-0627
  • CVE-2020-0628
  • CVE-2020-0629
  • CVE-2020-0630
  • CVE-2020-0631
  • CVE-2020-0632
  • CVE-2020-0633
  • CVE-2020-0634
  • CVE-2020-0635
  • CVE-2020-0636
  • CVE-2020-0638
  • CVE-2020-0641
  • CVE-2020-0642

Based on those CVSS scores, these patches rank alongside some of Critical ones ranked by Microsoft.

Robert Brown, Director of Services for Syxsense said, “CVE-2020-0601 relates to CryptoAPI spoofing vulnerability, which has a CVSS score of 8.1. Cybersecurity and Infrastructure Security Agency (CISA) strongly recommends organizations install these critical patches as soon as possible.”

Latest Adobe Updates

Adobe have released only 2 Critical updates for Illustrator CC and Experience Manager today. Both Syxsense and Adobe recommend these Critical updates be deployed within the next 7 days.

[vc_separator css=”.vc_custom_1552427883977{padding-top: 20px !important;padding-bottom: 20px !important;}”]

Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.

[vc_btn title=”Start a Free Trial” style=”gradient-custom” gradient_custom_color_1=”#da4453″ gradient_custom_color_2=”#8a2387″ shape=”round” size=”lg” align=”center” link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial|||” css=”.vc_custom_1572936982710{margin-top: 15px !important;}”][vc_separator css=”.vc_custom_1552427883977{padding-top: 20px !important;padding-bottom: 20px !important;}”]

January 2020 Patch Tuesday Update

Based on the vendor severity and CVSS score, we have made a few recommendations to prioritize this month. Please pay close attention to any of these which are publicly aware or weaponized.

 

CVE Ref. Description Vendor Severity CVSS Base Score Counter-measure Publicly Aware Weaponised Syxsense Recommended
CVE-2020-0609 Windows RDP Gateway Server Remote Code Execution Vulnerability Critical 9.8 No No No Yes
CVE-2020-0610 Windows RDP Gateway Server Remote Code Execution Vulnerability Critical 9.8 No No No Yes
CVE-2020-0611 Remote Desktop Client Remote Code Execution Vulnerability Critical 7.5 No No No Yes
CVE-2020-0640 Internet Explorer Memory Corruption Vulnerability Critical 7.5 No No No Yes
CVE-2020-0603 ASP.NET Core Remote Code Execution Vulnerability Critical TBC No No No Yes
CVE-2020-0605 .NET Framework Remote Code Execution Vulnerability Critical TBC No No No Yes
CVE-2020-0606 .NET Framework Remote Code Execution Injection Vulnerability Critical TBC No No No Yes
CVE-2020-0646 .NET Framework Remote Code Execution Injection Vulnerability Critical TBC No No No Yes
CVE-2020-0601 Windows CryptoAPI Spoofing Vulnerability Important 8.1 No No No Yes
CVE-2020-0613 Windows Search Indexer Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0614 Windows Search Indexer Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0620 Microsoft Cryptographic Services Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0623 Windows Search Indexer Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0624 Win32k Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0625 Windows Search Indexer Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0626 Windows Search Indexer Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0627 Windows Search Indexer Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0628 Windows Search Indexer Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0629 Windows Search Indexer Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0630 Windows Search Indexer Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0631 Windows Search Indexer Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0632 Windows Search Indexer Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0633 Windows Search Indexer Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0634 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0635 Windows Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0636 Windows Subsystem for Linux Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0638 Update Notification Manager Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0641 Microsoft Windows Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0642 Win32k Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0644 Windows Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0612 Windows Remote Desktop Protocol (RDP) Gateway Server Denial of Service Vulnerability Important 7.5 No No No
CVE-2020-0637 Remote Desktop Web Access Information Disclosure Vulnerability Important 5.7 No No No
CVE-2020-0607 Microsoft Graphics Components Information Disclosure Vulnerability Important 5.5 No No No
CVE-2020-0608 Win32k Information Disclosure Vulnerability Important 5.5 No No No
CVE-2020-0615 Windows Common Log File System Driver Information Disclosure Vulnerability Important 5.5 No No No
CVE-2020-0616 Microsoft Windows Denial of Service Vulnerability Important 5.5 No No No
CVE-2020-0622 Microsoft Graphics Component Information Disclosure Vulnerability Important 5.5 No No No
CVE-2020-0639 Windows Common Log File System Driver Information Disclosure Vulnerability Important 5.5 No No No
CVE-2020-0643 Windows GDI+ Information Disclosure Vulnerability Important 5.5 No No No
CVE-2020-0617 Hyper-V Denial of Service Vulnerability Important 5.3 No No No
CVE-2020-0621 Windows Security Feature Bypass Vulnerability Important 4.4 No No No
CVE-2020-0602 ASP.NET Core Denial of Service Vulnerability Important TBC No No No
CVE-2020-0647 Microsoft Office Online Spoofing Vulnerability Important TBC No No No
CVE-2020-0650 Microsoft Excel Remote Code Execution Vulnerability Important TBC No No No
CVE-2020-0651 Microsoft Excel Remote Code Execution Vulnerability Important TBC No No No
CVE-2020-0652 Microsoft Office Memory Corruption Vulnerability Important TBC No No No
CVE-2020-0653 Microsoft Excel Remote Code Execution Vulnerability Important TBC No No No
CVE-2020-0654 Microsoft OneDrive for Android Security Feature Bypass Vulnerability Important TBC No No No
CVE-2020-0656 Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability Important TBC No No No

Leave a Reply