Operating System:

[Win]

Published:

15 January 2020

Protect yourself against future threats.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2020.0006
                   Security update for Microsoft Windows
                              15 January 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Windows
Operating System:     Windows
Impact/Access:        Execute Arbitrary Code/Commands -- Remote/Unauthenticated      
                      Increased Privileges            -- Remote with User Interaction
                      Denial of Service               -- Remote/Unauthenticated      
                      Provide Misleading Information  -- Remote with User Interaction
                      Access Confidential Data        -- Remote/Unauthenticated      
                      Reduced Security                -- Remote/Unauthenticated      
Resolution:           Patch/Upgrade
CVE Names:            CVE-2020-0644 CVE-2020-0643 CVE-2020-0642
                      CVE-2020-0641 CVE-2020-0639 CVE-2020-0638
                      CVE-2020-0637 CVE-2020-0636 CVE-2020-0635
                      CVE-2020-0634 CVE-2020-0633 CVE-2020-0632
                      CVE-2020-0631 CVE-2020-0630 CVE-2020-0629
                      CVE-2020-0628 CVE-2020-0627 CVE-2020-0626
                      CVE-2020-0625 CVE-2020-0624 CVE-2020-0623
                      CVE-2020-0622 CVE-2020-0621 CVE-2020-0620
                      CVE-2020-0617 CVE-2020-0616 CVE-2020-0615
                      CVE-2020-0614 CVE-2020-0613 CVE-2020-0612
                      CVE-2020-0611 CVE-2020-0610 CVE-2020-0609
                      CVE-2020-0608 CVE-2020-0607 CVE-2020-0601
Member content until: Friday, February 14 2020

Comment: This bulletin contains CVE-2020-0601, a code-signing spoof, which has 
         been widely reported in the news. This bulletin also contains 3 critical 
         unauthenticated access to RDP vulnerabilities:
         CVE-2020-0609, CVE-2020-0610 and CVE-2020-0611.

OVERVIEW

        Microsoft has released its monthly security patch update for the month of 
        January 2020.
        
        This update resolves 36 vulnerabilities across the following products: [1]
        
         Windows 10 Version 1607 for 32-bit Systems
         Windows 10 Version 1607 for x64-based Systems
         Windows 10 Version 1709 for 32-bit Systems
         Windows 10 Version 1709 for ARM64-based Systems
         Windows 10 Version 1709 for x64-based Systems
         Windows 10 Version 1803 for 32-bit Systems
         Windows 10 Version 1803 for ARM64-based Systems
         Windows 10 Version 1803 for x64-based Systems
         Windows 10 Version 1809 for 32-bit Systems
         Windows 10 Version 1809 for ARM64-based Systems
         Windows 10 Version 1809 for x64-based Systems
         Windows 10 Version 1903 for 32-bit Systems
         Windows 10 Version 1903 for ARM64-based Systems
         Windows 10 Version 1903 for x64-based Systems
         Windows 10 Version 1909 for 32-bit Systems
         Windows 10 Version 1909 for ARM64-based Systems
         Windows 10 Version 1909 for x64-based Systems
         Windows 10 for 32-bit Systems
         Windows 10 for x64-based Systems
         Windows 7 for 32-bit Systems Service Pack 1
         Windows 7 for x64-based Systems Service Pack 1
         Windows 8.1 for 32-bit systems
         Windows 8.1 for x64-based systems
         Windows RT 8.1
         Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
         Windows Server 2008 R2 for x64-based Systems Service Pack 1
         Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server 
         Core installation)
         Windows Server 2008 for 32-bit Systems Service Pack 2
         Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core 
         installation)
         Windows Server 2008 for Itanium-Based Systems Service Pack 2
         Windows Server 2008 for x64-based Systems Service Pack 2
         Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core 
         installation)
         Windows Server 2012
         Windows Server 2012 (Server Core installation)
         Windows Server 2012 R2
         Windows Server 2012 R2 (Server Core installation)
         Windows Server 2016
         Windows Server 2016 (Server Core installation)
         Windows Server 2019
         Windows Server 2019 (Server Core installation)


IMPACT

        Microsoft has given the following details regarding these vulnerabilities.
        
         Details         Impact                   Severity
         CVE-2020-0601   Spoofing                 Important
         CVE-2020-0607   Information Disclosure   Important
         CVE-2020-0608   Information Disclosure   Important
         CVE-2020-0609   Remote Code Execution    Critical
         CVE-2020-0610   Remote Code Execution    Critical
         CVE-2020-0611   Remote Code Execution    Critical
         CVE-2020-0612   Denial of Service        Important
         CVE-2020-0613   Elevation of Privilege   Important
         CVE-2020-0614   Elevation of Privilege   Important
         CVE-2020-0615   Information Disclosure   Important
         CVE-2020-0616   Denial of Service        Important
         CVE-2020-0617   Denial of Service        Important
         CVE-2020-0620   Elevation of Privilege   Important
         CVE-2020-0621   Security Feature Bypass  Important
         CVE-2020-0622   Information Disclosure   Important
         CVE-2020-0623   Elevation of Privilege   Important
         CVE-2020-0624   Elevation of Privilege   Important
         CVE-2020-0625   Elevation of Privilege   Important
         CVE-2020-0626   Elevation of Privilege   Important
         CVE-2020-0627   Elevation of Privilege   Important
         CVE-2020-0628   Elevation of Privilege   Important
         CVE-2020-0629   Elevation of Privilege   Important
         CVE-2020-0630   Elevation of Privilege   Important
         CVE-2020-0631   Elevation of Privilege   Important
         CVE-2020-0632   Elevation of Privilege   Important
         CVE-2020-0633   Elevation of Privilege   Important
         CVE-2020-0634   Elevation of Privilege   Important
         CVE-2020-0635   Elevation of Privilege   Important
         CVE-2020-0636   Elevation of Privilege   Important
         CVE-2020-0637   Information Disclosure   Important
         CVE-2020-0638   Elevation of Privilege   Important
         CVE-2020-0639   Information Disclosure   Important
         CVE-2020-0641   Elevation of Privilege   Important
         CVE-2020-0642   Elevation of Privilege   Important
         CVE-2020-0643   Information Disclosure   Important
         CVE-2020-0644   Elevation of Privilege   Important


MITIGATION

        Microsoft recommends updating the software with the version made available 
        on the Microsoft Update Catalogue for the following Knowledge Base articles.[1].
        
        
         KB4534297, KB4534310, KB4534293, KB4534309, KB4534271
         KB4534273, KB4534306, KB4534314, KB4534288, KB4528760
         KB4534303, KB4534276, KB4534312, KB4534283


REFERENCES

        [1] Security Update Guide
            https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXh5zVmaOgq3Tt24GAQhoHw/8D6BoxhyqGzWe/STxxLPr+Y2WNksGRCrF
pAqKvKvcyxmjKP/g+Cel7YUygn/FlyMr8I0wMTwUbyyhCVgZD3JDpHX/tvq70nTQ
3ukIPNZqVaC7XQUhh+khUzwb0YtPNFcagYtDqBWOwTxueEegw2qCbNkFOtAyTNVn
cKT2gUMzEtz3kbPZL6ymAUx0hUokZTraUE0ln+4HBiUU73fYkKvW1AAKPVctHVKJ
xZeHVi9mvL+v130DJ5BVm5Qm0fYiRarTvUBW6rNsMoRaXRiCKcb9r/jwJzGV0Hjy
F4cmH21KI17potD35CA3A/dkmCvI6Kz9ptBUIO/z+2MzP0QmaAs87MVvAiwbKnKM
4DF2+4YAkV5ORvOBmRNi2asTwdfNWIGCLJFQeCAUt1Zjt/+ZmKIhJapRr84b5/PI
RLWflMaTaKP9UHdf9l2N/+VK6BZM3ARKpvhka+M+kOzHFyY8GDgSiJr0HTQELuNP
OvhiDUXS0nwqWZFVuPZg/BtjiWg+IPK4KQE7oYVdx6LSFHHiSPWlK8brSoyEgMaN
eMTjuqUgG52ZruNi0iyuPa7DmTXQPRl0EozEbOkTU6n4z66g3dxG6w302Qa5ZPfz
fI4gT1JHekO1Jl4slKz6Av28iiJL53ltqcp+jZ782NYDKNYPOjJtrb7wTJHESO4Q
nC5N0/uVVaY=
=8UaX
-----END PGP SIGNATURE-----