Microsoft Security Update for January 2020 Fixes 49 Security Vulnerabilities

Microsoft Security Update for January 2020 Fixes 49 Security Vulnerabilities

January 31, 2020 | Adeline Zhang

Overview

Microsoft released the January security update on Tuesday, fixing 49 security issues ranging from simple spoofing attacks to remote code execution, discovered in products like .NET Framework, Apps, ASP.NET, Common Log File System Driver, Microsoft Dynamics, Microsoft Graphics Component, Microsoft Office, Microsoft Scripting Engine, Microsoft Windows, Microsoft Windows Search Component, Windows Hyper-V, Windows Media, Windows RDP, Windows Subsystem for Linux, and Windows Update Stack.

Of the vulnerabilities fixed by Microsoft’s this monthly update, a total of eight critical vulnerabilities exist in the .NET Framework, ASP.NET, Microsoft Scripting Engine, and Windows RDP. In addition, there are 41 important vulnerabilities.

Critical Vulnerabilities

The following are eight critical vulnerabilities covered in this update.

Windows RDP

  • CVE-2020-0609、CVE-2020-0610

These two remote code execution vulnerabilities in the Windows Remote Desktop Gateway (RD Gateway) could be exploited by unauthenticated attackers.

If the two vulnerabilities are exploited successfully, arbitrary code may be executed on the target system, allowing the attacker to install the program, view, change or delete data, or create a new account with full user rights.

To exploit this vulnerability, an attacker needs to send a specially crafted request to the RD gateway of the target system via RDP.

This update addresses these issues by correcting the way the RD gateway handles connection requests.

For more details about the vulnerabilities and download updates, please refer to Microsoft’s official security advisories:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0609

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0610

  • CVE-2020-0611

This is a remote code execution vulnerability in Windows Remote Desktop clients.

An attacker who successfully exploited this vulnerability could execute arbitrary code on a user’s computer connected to a malicious server. After that, an attacker could install a malicious program, view, change, or delete data, or create a new account with full user rights.

To exploit this vulnerability, an attacker needs to take control of the server and then convinces a user to connect to the server. This vulnerability could be triggered if a user accesses a malicious server. Although attackers cannot force users to connect to malicious servers, they may entice users to connect through social engineering, DNS poisoning, or man-in-the-middle (MITM) technology. An attacker could also compromise a legitimate server, host malicious code on it, and wait for users to connect.

For more details about the vulnerabilities and download updates, please refer to Microsoft’s official security advisories:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0611

Microsoft Scripting Engine

  • CVE-2020-0640

This is a memory corruption vulnerability in the way Internet Explorer handles objects in memory. The vulnerability allows an attacker to execute arbitrary code in the context of the current user.

An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user logs in with administrative privileges, an attacker could take control of the affected system and may then install a malicious program, view, change or delete data, or create a new account with full user privileges.

An attacker could build a specially crafted website and then convince users to visit the website. However, attackers cannot force users to view malicious contents, but entice users by email or instant messaging instead.

Internet Explorer 9, 10, and 11 are affected.

For more details about the vulnerabilities and download updates, please refer to Microsoft’s official security advisories:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0640

ASP.NET and .NET Framework

  • CVE-2020-0603, CVE-2020-0605, CVE-2020-0606, and CVE-2020-0646

The above vulnerabilities are remote code execution vulnerabilities in .NET and ASP.NET Core software. These vulnerabilities can be triggered if a user opens a maliciously crafted file while using an affected .NET or ASP.NET Core version. With a successful exploitation, an attacker could execute arbitrary code in the context of the current user. These errors exist in the way the software handles memory objects.

For more details about the vulnerabilities and download updates, please refer to Microsoft’s official security advisories:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0605

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0606

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0646

Important Vulnerabilities

In addition to critical vulnerabilities, this update also fixes 41 important vulnerabilities, three of which require more attention as follows.

CVE-2020-0601

This is a spoofing vulnerability in Windows CryptoAPI. As the Elliptic Curve Cryptography certificate was incorrectly verified by crypt32.dll, an attacker could use this error to spoof a code signing certificate and secretly sign a file, making the file appear to come from a trusted source. Attackers could also use this vulnerability to conduct man-in-the-middle attacks and decrypt confidential information.

For more details about the vulnerabilities and download updates, please refer to Microsoft’s official security advisories:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601

CVE-2020-0616

This is a Microsoft Windows denial-of-service vulnerability. The vulnerability exists when Windows cannot properly handle hard links. An attacker who successfully exploits this vulnerability could cause the target system to stop responding.

An attacker must log in to the victim’s computer to exploit this vulnerability and then run a specially designed application that could allow the attacker to overwrite system files.

For more details about the vulnerabilities and download updates, please refer to Microsoft’s official security advisories:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0616

CVE-2020-0654

A security feature bypass vulnerability exists in Android’s Microsoft OneDrive application. This could allow an attacker to bypass the password or fingerprint of the application.

For more details about the vulnerabilities and download updates, please refer to Microsoft’s official security advisories:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0654

Remediation

Bugs fixed in this update are shown in the following table:

Product CVE ID CVE Title Severity Level
.NET Framework CVE-2020-0605 .NET Framework Remote code execution vulnerability Critical
.NET Framework CVE-2020-0606 .NET Framework Remote code execution vulnerability Critical
.NET Framework CVE-2020-0646 .NET Framework Remote Code Execution Injection Vulnerability Critical
Apps CVE-2020-0654 Microsoft OneDrive for Android Security feature bypass vulnerability Important
ASP.NET CVE-2020-0602 ASP.NET Core Denial of service vulnerability Important
ASP.NET CVE-2020-0603 ASP.NET Core Remote code execution vulnerability Critical
Common Log File System Driver CVE-2020-0615 Windows Common Log File System Driver Information Disclosure Vulnerability Important
Common Log File System Driver CVE-2020-0639 Windows Common Log File System Driver Information Disclosure Vulnerability Important
Common Log File System Driver CVE-2020-0634 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important
Microsoft Dynamics CVE-2020-0656 Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability Important
Microsoft Graphics Component CVE-2020-0607 Microsoft Graphics Components Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2020-0622 Microsoft Graphics Component Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2020-0642 Win32k Elevation of Privilege Vulnerability Important
Microsoft Graphics Component CVE-2020-0643 Windows GDI+ Information Disclosure Vulnerability Important
Microsoft Office CVE-2020-0647 Microsoft Office Online Fraud Important
Microsoft Office CVE-2020-0650 Microsoft Excel Remote code execution vulnerability Important
Microsoft Office CVE-2020-0651 Microsoft Excel Remote code execution vulnerability Important
Microsoft Office CVE-2020-0652 Microsoft Office Memory corruption Important
Microsoft Office CVE-2020-0653 Microsoft Excel Remote code execution vulnerability Important
Microsoft Scripting Engine CVE-2020-0640 Internet Explorer Memory corruption Critical
Microsoft Windows CVE-2020-0601 Windows CryptoAPI Fraud Important
Microsoft Windows CVE-2020-0608 Win32k Information Disclosure Vulnerability Important
Microsoft Windows CVE-2020-0616 Microsoft Windows Denial of service vulnerability Important
Microsoft Windows CVE-2020-0620 Microsoft Cryptographic Services Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-0621 Windows Security feature bypass vulnerability Important
Microsoft Windows CVE-2020-0624 Win32k Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-0635 Windows Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-0644 Windows Elevation of Privilege Vulnerability Important
Microsoft Windows Search Component CVE-2020-0613 Windows Search Indexer Elevation of Privilege Vulnerability Important
Microsoft Windows Search Component CVE-2020-0614 Windows Search Indexer Elevation of Privilege Vulnerability Important
Microsoft Windows Search Component CVE-2020-0623 Windows Search Indexer Elevation of Privilege Vulnerability Important
Microsoft Windows Search Component CVE-2020-0625 Windows Search Indexer Elevation of Privilege Vulnerability Important
Microsoft Windows Search Component CVE-2020-0626 Windows Search Indexer Elevation of Privilege Vulnerability Important
Microsoft Windows Search Component CVE-2020-0627 Windows Search Indexer Elevation of Privilege Vulnerability Important
Microsoft Windows Search Component CVE-2020-0628 Windows Search Indexer Elevation of Privilege Vulnerability Important
Microsoft Windows Search Component CVE-2020-0629 Windows Search Indexer Elevation of Privilege Vulnerability Important
Microsoft Windows Search Component CVE-2020-0630 Windows Search Indexer Elevation of Privilege Vulnerability Important
Microsoft Windows Search Component CVE-2020-0631 Windows Search Indexer Elevation of Privilege Vulnerability Important
Microsoft Windows Search Component CVE-2020-0632 Windows Search Indexer Elevation of Privilege Vulnerability Important
Microsoft Windows Search Component CVE-2020-0633 Windows Search Indexer Elevation of Privilege Vulnerability Important
Windows Hyper-V CVE-2020-0617 Hyper-V Denial of service vulnerability Important
Windows Media CVE-2020-0641 Microsoft Windows Elevation of Privilege Vulnerability Important
Windows RDP CVE-2020-0609 Windows Remote Desktop Gateway (RD Gateway) Remote code execution vulnerability Critical
Windows RDP CVE-2020-0610 Windows Remote Desktop Gateway (RD Gateway) Remote code execution vulnerability Critical
Windows RDP CVE-2020-0611 Remote Desktop Client Remote code execution vulnerability Critical
Windows RDP CVE-2020-0612 Windows Remote Desktop Gateway (RD Gateway) Denial of service vulnerability Important
Windows RDP CVE-2020-0637 Remote Desktop Web Access Information Disclosure Vulnerability Important
Windows Subsystem for Linux CVE-2020-0636 Windows Subsystem for Linux Elevation of Privilege Vulnerability Important
Windows Update Stack CVE-2020-0638 Update Notification Manager Elevation of Privilege Vulnerability Important

 

Recommended Mitigation Measures

Microsoft has released security updates to fix these issues. Please download and install them as soon as possible.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0654
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
One Drive for Android Release Notes Security Update Important Security Feature Bypass Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-0656
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Dynamics 365 Field Service (on-premises) v7 series Relelase Notes Security Update Important Spoofing Base: N/A
Temporal: N/A
Vector: N/A
Maybe

 

Statement

This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.

About NSFOCUS

NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks. The company’s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide multi-layered, unified and dynamic protection against advanced cyber attacks.

NSFOCUS works with Fortune Global 500 companies, including four of the world’s five largest financial institutions, organizations in insurance, retail, healthcare, critical infrastructure industries as well as government agencies. NSFOCUS has technology and channel partners in more than 60 countries, is a member of both the Microsoft Active Protections Program (MAPP), and the Cloud Security Alliance (CSA).

A wholly owned subsidiary of NSFOCUS Information Technology Co. Ltd., the company has operations in the Americas, Europe, the Middle East and Asia Pacific.

Download: Microsoft Security Update for January 2020 Fixes 49 Security Vulnerabilities