Microsoft January 2020 Patch Tuesday fixes 49 security bugs
Today's patches also fix a major vulnerability in Windows' cryptographic library.
Microsoft has released today the January 2020 Patch Tuesday security updates. This month's updates include fixes for 49 vulnerabilities, of which eight are rated with a severity rating of "critical."
By far, today's most notable patched bug is a vulnerability in CryptoAPI (Crypt32.dll), the default Windows cryptographic library, a bug that was discovered and reported to Microsoft by the NSA.
The bug (CVE-2020-0601) is considered as bad as it gets. It can allow a threat actor to fake file signatures and launch man-in-the-middle attacks on encrypted HTTPS communications. See our previous coverage on this bug for additional details here.
But besides this bug, there are also two other important issues that will need patching. These two bugs both impact Windows Server 2016 and Windows Server 2012.
According to Microsoft, the Windows Remote Desktop Gateway (RD Gateway) component running on these systems is vulnerable to a remote code execution flaw that allows attackers to take over vulnerable Windows servers by initiating an RDP connection and sending specially crafted requests.