Install patches of Microsoft for CryptoAPI and RDP Gateway

Microsoft has published patches for recent versions of Microsoft Windows. These patches contain important updates which the NCSC has rated "high/high" (high likelihood, high impact), and they should be installed with priority. The patches address vulnerabilities in Windows CryptoAPI and Windows RDP Gateway Server.

Windows CryptoAPI Vulnerability (CVE-2020-0601)

With the Windows CryptoAPI vulnerability, CVE-2020-0601, an adversary can generate Elliptic Curve Cryptography (ECC) certificates that Windows accepts as valid. Such certificates can then be used for encrypting network traffic or for signing executables: an adversary can perform a man-in-the-middle attack on network connections, or create malicious executables carrying certificates that Windows treats as valid. Other software that relies on the CryptoAPI for validating ECC certificates is possibly also vulnerable.

The patch for CVE-2020-0601 ensures that ECC certificates are completely validated. Such certificates can then no longer be used for performing a man-in-the-middle attack. Malicious executables carrying these specific certificates will generate entries in the Windows Logs. The NCSC advises monitoring for these entries in the Windows Logs after installing the patch.

Software that uses the CryptoAPI will, after the patch, get correct results when validating ECC certificates.
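As an added example (not part of the NCSC advisory), the following PowerShell script implements the monitoring advice above: it lists the Application-log entries that a patched system writes when CryptoAPI rejects a certificate under the strengthened ECC validation. It assumes those entries are Event ID 1 from the "Audit-CVE" provider with a message containing "[CVE-2020-0601]"; verify the provider name and ID against Microsoft's guidance for the patch before relying on the filter.

```powershell
# Added example, not part of the NCSC advisory: list the Application-log entries
# that a patched Windows 10 / Server 2016-2019 system writes when CryptoAPI rejects
# a certificate under the strengthened ECC validation from the CVE-2020-0601 fix.
# Assumption (check Microsoft's guidance for the patch): the entries are Event ID 1
# from the "Audit-CVE" provider and the message contains "[CVE-2020-0601]".

param(
    [int]$Days = 7,                                  # how far back to search
    [string[]]$ComputerName = @($env:COMPUTERNAME)   # one or more hosts to query
)

function Get-Cve20200601Events {
    param([string]$Computer, [int]$Days)

    $filter = @{
        LogName   = 'Application'
        Id        = 1
        StartTime = (Get-Date).AddDays(-$Days)
    }
    # Get-WinEvent reports an error when nothing matches; on a healthy host
    # "no entries" is the expected outcome, so that error is suppressed here.
    Get-WinEvent -ComputerName $Computer -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.ProviderName -like '*Audit-CVE*' -and $_.Message -match 'CVE-2020-0601' } |
        ForEach-Object {
            [pscustomobject]@{
                Computer    = $Computer
                TimeCreated = $_.TimeCreated
                Message     = ($_.Message -replace '\s+', ' ')   # flatten multi-line text
            }
        }
}

$hits = foreach ($c in $ComputerName) { Get-Cve20200601Events -Computer $c -Days $Days }

if (-not $hits) {
    Write-Host "No CVE-2020-0601 validation entries in the last $Days day(s) on $($ComputerName -join ', ')."
    Write-Host "Absence of entries only means nothing was rejected; confirm the patch is actually installed."
} else {
    $hits | Sort-Object TimeCreated | Format-Table -AutoSize
    Write-Warning "$(@($hits).Count) entries found: investigate the processes and certificates involved."
}
```

An unpatched system writes no such entries at all, so an empty result is not evidence that the host is safe; check patch status separately.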

UPDATE: The CryptoAPI vulnerability (CVE-2020-0601) is only present in Windows 10 and Windows Server 2016 & 2019. Other versions of Windows do not have this vulnerability.

Windows RDP Gateway Vulnerabilities (CVE-2020-0609, CVE-2020-0610 and CVE-2020-0612)

The Windows RDP Gateway vulnerabilities, CVE-2020-0609, CVE-2020-0610 and CVE-2020-0612, enable an adversary to attack RDP Gateway servers. The first two vulnerabilities allow an adversary to perform remote code execution on the RDP Gateway server, and from there gain access to local networks and systems. The third vulnerability allows an adversary to perform a Denial-of-Service attack on the RDP Gateway server.

The update addresses the vulnerabilities by correcting how RDP Gateway handles connection requests.

UPDATE: Consider whether RDP needs to be reachable from the public internet at all. Abuse of RDP can have severe impact, even when the application is up to date, and it offers management functionality that does not necessarily need to be accessible from the internet. The NCSC advises investigating where your organization uses RDP, and considering whether the benefits outweigh the risks in each case.
