Today’s VERT Alert addresses Microsoft’s January 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-866 on Wednesday, January 15th.
出回っている & 公開されているCVE
CVE-2020-0601
While there are no in-the-wild and disclosed CVEs in the January patch drop, there is a lot of discussion around CVE-2020-0601. The vulnerability allows for Elliptic Curve Cryptography (ECC) spoofing due to the way these certificates are validated. This vulnerability was reported to Microsoft by the NSA and rumors in various publications indicate that certain government agencies and enterprises were given advance notice of this vulnerability.
Microsoft has rated this as a 1 (Exploitation More Likely) on the latest software release on the Exploitability Index.
その他の情報
There were no new advisories released today. However, it is worth mentioning that today marks the final day of support for Windows 7, Windows Server 2008, and Windows Server 2008 R2. These platforms are now considered end of life and out of support.
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.
TAG |
CVE COUNT |
CVES |
WINDOWS UPDATE STACK |
1 |
CVE-2020-0638 |
WINDOWS HYPER-V |
1 |
CVE-2020-0617 |
WINDOWS SUBSYSTEM FOR LINUX |
1 |
CVE-2020-0636 |
ASP.NET |
2 |
CVE-2020-0602, CVE-2020-0603 |
MICROSOFT WINDOWS |
8 |
CVE-2020-0601, CVE-2020-0608, CVE-2020-0616, CVE-2020-0620, CVE-2020-0621, CVE-2020-0624, CVE-2020-0635, CVE-2020-0644 |
APPS |
1 |
CVE-2020-0654 |
.NET FRAMEWORK |
3 |
CVE-2020-0605, CVE-2020-0606, CVE-2020-0646 |
MICROSOFT GRAPHICS COMPONENT |
4 |
CVE-2020-0607, CVE-2020-0622, CVE-2020-0642, CVE-2020-0643 |
MICROSOFT SCRIPTING ENGINE |
1 |
CVE-2020-0640 |
COMMON LOG FILE SYSTEM DRIVER |
3 |
CVE-2020-0615, CVE-2020-0639, CVE-2020-0634 |
MICROSOFT DYNAMICS |
1 |
CVE-2020-0656 |
WINDOWS MEDIA |
1 |
CVE-2020-0641 |
MICROSOFT WINDOWS SEARCH COMPONENT |
12 |
CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633 |
MICROSOFT OFFICE |
5 |
CVE-2020-0647, CVE-2020-0650, CVE-2020-0651, CVE-2020-0652, CVE-2020-0653 |
WINDOWS RDP |
5 |
CVE-2020-0609, CVE-2020-0610, CVE-2020-0611, CVE-2020-0612, CVE-2020-0637 |
