All organizations are urged to apply the January 14 Microsoft Windows critical patches as soon as possible. Do not delay. HIPAA-covered entities, and others that interact with Federal agencies, are required to patch promptly.
49 Vulnerabilities Patched
According to DHS, the patch addresses 49 vulnerabilities, including “critical weaknesses in Windows CryptoAPI, Windows Remote Desktop Gateway (RD Gateway), and Windows Remote Desktop Client. An attacker could remotely exploit these vulnerabilities to decrypt, modify, or inject data on user connections.”
The patch includes software fixes for vulnerabilities in:
- Windows Remote Desktop client (affecting all supported versions of Windows, including Server)
- RDP Gateway Server (affecting Server 2012, 2016, 2019)
- Certificate validation for Windows 10, Server 2016, and Server 2019
- And also OneDrive for Android, Internet Explorer, MS Dynamics, MS Office, .NET Core, .NET Framework
- Microsoft January 2020 Security Updates release notes
- CISA Activity Alert 20-014A
- CISA Blog Post
- DHS Emergency Directive
If you need assistance, feel free to contact us at Codestar.