Security Alert: Windows Server Vulnerability
A critical vulnerability alert released January 14, 2020, by the National Security Agency (NSA) notifies system users and administrators of a vulnerability affecting Windows 10 and Windows Server 2016/2019. Any systems running the affected operating systems must be patched immediately.
Patch Critical for Microsoft Windows Server 2016/2019 Systems
Microsoft Windows Server 2016/2019 and Microsoft Windows 10 have been hit with a critical vulnerability (CVE-2020-0601) that undermines cryptographic functionality. The vulnerability is exploited by creating falsified trust within Windows verifications. Through the falsified trust, attackers can defeat trusted network connections (such as TLS and SSL) and enable remote code execution. The executable code is then delivered as a trusted entity and goes undetected within the system.
For example, an attacker can use the newly discovered vulnerability to pose as a trusted source, inject input into a file, and have it executed by the programming language's parser. Even though the system has been compromised, the files would still be executed, and the injected content would be accepted as authentic. The NSA report states that the vulnerability affects validations of trust, including signed files and email, signed executable code launched as user-mode processes, and HTTPS connections.
How to mitigate the Windows Server vulnerability
The NSA report states, “The consequences of not patching the vulnerability are severe and widespread. Remote exploitation tools will likely be made quickly and widely available. Rapid adoption of the patch is the only known mitigation at this time and should be the primary focus for all network owners.”
It is important that you patch your systems as soon as possible. It is recommended that you prioritize patching endpoints that provide essential services, including:
- Web servers
- Proxies that perform TLS validation
- DNS servers
- Domain controllers
- VPN servers
- IPSec negotiation
- Windows-based web appliances
For more information, you can read the full description of the Windows 10 and Windows Server 2016/2019 critical vulnerability on NIST’s National Vulnerability Database.
As always, if you have questions about this notification or anything else related to your VPS.NET hosting account, please contact our technical support team. They are available to answer any questions you may have.
The recently updated Windows system notice can be seen below.
______________________________________________________________________________
CVE-2020-0601 | Windows CryptoAPI Spoofing Vulnerability
Security Vulnerability
Published: 01/14/2020 | Last Updated: 01/14/2020
MITRE CVE-2020-0601
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.
An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider.
A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software.
The security update addresses the vulnerability by ensuring that Windows CryptoAPI completely validates ECC certificates.
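The notice above says the fix makes CryptoAPI "completely" validate ECC certificates. The following added example (written for this page, not code from Microsoft, the NSA, or VPS.NET) models, in plain Python, the difference between a root-store lookup that matches a trusted root on its public point alone and one that also compares every elliptic-curve domain parameter. The certificate and key model, the trust store, the OID-to-curve table, and all key coordinates are constructed for illustration; only the NIST P-256 domain parameters are real published constants, and no real CryptoAPI internals are reproduced.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple, Union

# NIST P-256 (prime256v1 / secp256r1) domain parameters, as published in SEC 2 / FIPS 186-4.
P256: Dict[str, int] = {
    "p": 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF,
    "a": 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC,
    "b": 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B,
    "gx": 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
    "gy": 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5,
    "n": 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551,
}
# Named curves this toy validator recognises, keyed by OID (assumed table, only P-256 here).
NAMED_CURVES: Dict[str, Dict[str, int]] = {"1.2.840.10045.3.1.7": P256}

Curve = Union[str, Dict[str, int]]  # a named-curve OID, or explicit domain parameters


@dataclass(frozen=True)
class EccKey:
    curve: Curve
    qx: int  # public point, affine x (constructed values below)
    qy: int  # public point, affine y


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer_key: EccKey  # the key the certificate claims it was signed under


def curve_params(curve: Curve) -> Optional[Dict[str, int]]:
    """Resolve a named-curve OID to its parameters; pass explicit parameters through unchanged."""
    if isinstance(curve, str):
        return NAMED_CURVES.get(curve)
    return curve


def naive_find_root(key: EccKey, roots: List[EccKey]) -> Optional[EccKey]:
    """Flawed lookup: treats a root as matched when only the public point agrees."""
    for root in roots:
        if (root.qx, root.qy) == (key.qx, key.qy):
            return root
    return None


def complete_find_root(key: EccKey, roots: List[EccKey]) -> Optional[EccKey]:
    """Complete lookup: every domain parameter (p, a, b, G, n) and the point must agree."""
    params = curve_params(key.curve)
    if params is None:
        return None  # unknown curve: there is nothing trustworthy to compare against
    for root in roots:
        if curve_params(root.curve) == params and (root.qx, root.qy) == (key.qx, key.qy):
            return root
    return None


def validate(cert: Cert, roots: List[EccKey], find_root) -> Tuple[bool, str]:
    """Return (trusted, reason) for a certificate under the given root-lookup policy."""
    root = find_root(cert.issuer_key, roots)
    if root is None:
        return False, f"{cert.subject}: issuer key does not match any trusted root"
    return True, f"{cert.subject}: chains to a trusted root"


# Constructed sample data (not real certificates or keys).
TRUSTED_ROOT = EccKey(curve="1.2.840.10045.3.1.7", qx=0x1111, qy=0x2222)
ROOTS = [TRUSTED_ROOT]

# Legitimate leaf: its issuer key names the same curve and the same point as the root.
LEGIT_CERT = Cert("legit.example", EccKey("1.2.840.10045.3.1.7", 0x1111, 0x2222))

# Suspect leaf: same public point, but explicit parameters whose generator is not P-256's.
ALTERED_PARAMS = dict(P256, gx=0x3333, gy=0x4444)  # constructed placeholder values
SUSPECT_CERT = Cert("suspect.example", EccKey(ALTERED_PARAMS, 0x1111, 0x2222))

if __name__ == "__main__":
    for cert in (LEGIT_CERT, SUSPECT_CERT):
        print("naive   :", validate(cert, ROOTS, naive_find_root))
        print("complete:", validate(cert, ROOTS, complete_find_root))
```

Run as a script, the naive policy reports both certificates as chaining to the trusted root, while the complete policy accepts only the legitimate one: the suspect certificate's public point matches, but its domain parameters do not, so it never reaches a trusted root. The defensive lesson is the one the Microsoft notice states: a root match must be made on the whole key, curve parameters included, never on the public point alone.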