Microsoft publishes its security advisories warning billions of users of 49 new vulnerabilities in its various products.
The most important part of the update is that it patches a serious flaw in the core cryptographic component of widely used Windows 10, Server 2016 and 2019 editions that were discovered and reported to Microsoft by the National Security Agency (NSA) of the united states.
The flaw dubbed as ‘CVE-2020-0601’, resides in the Crypt32.dll module that contains various certificates and cryptographic messaging functions used by Windows Crypto API for handling encryption and decryption of data. The issue resides in the method of validation of Elliptic Curve Cryptography (ECC) certificates which is the industry standard for public-key cryptography.
There are two critical issues that affect Windows Remote Desktop Gateway (RD Gateway), CVE-2020-0609 and CVE-2020-0610. These vulnerabilities can be exploited by unauthenticated attackers to execute malicious codes on targeted systems by simply sending a specially crafted RDP request. NPAV recommends using genuine operating systems and keeping them updated as the updates make sure that there is no loophole in the security modules.
Use NPAV and join us on a mission to secure the cyber world.