January 14 Patch Tuesday is finally here and it brings a lot of security improvements on all Windows 10 versions.
While Microsoft’s latest security vulnerabilities regarding the crypt32.dll component of Windows grabbed all the attention, some people are worried about older threats that are, in one form or another, still present.
Windows 10 and Windows Server are vulnerable
Here’s what one concerned user is saying:
I’m surprised I’m not seeing any mention of CVE-2020-0609 and 0610 “Microsoft Windows Remote Desktop Gateway allows for unauthenticated remote code execution“
Yes, that’s right, there are some RDP (Remote Desktop Protocol) vulnerabilities that are getting patched, and they’re very similar with last year’s BlueKeep.
Before you panic, know that they aren’t nearly as big or as dangerous as BlueKeep. For more context, here are the 5 bug fixes that are getting resolved in this months Patch Tuesday:
- Remote Desktop Gateway Server – CVE-2020-0609, CVE-2020-0610, CVE-2020-0612
- Remote Desktop Web Access – CVE-2020-0637
- Remote Desktop Client – CVE-2020-0611
Update your Windows right now to avoid malware attacks
You should know that these vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code with SYSTEM privileges on a vulnerable system, so the best thing is to update right away.
While the Remote Desktop Gateway and Web Access services are strictly related to Windows Server, the Remote Desktop Client is present on all Windows versions, so CVE-2020-0611 can be a real threat for anyone.
To avoid any malware, data theft, or any other security risks, update your version of Windows to the latest available. You can do that automatically, through Windows Update, or manually, directly from Microsoft Update Catalog.
What do you think about the RDP vulnerabilities? Share your thoughts in the comments section below.
- Best practices for Microsoft Patch Tuesday
- Exploit Wednesday & Uninstall Thursday: Stay safe after Patch Tuesday
- How does Patch Tuesday work?