{"id":6696,"date":"2020-01-20T18:32:49","date_gmt":"2020-01-20T21:32:49","guid":{"rendered":"https:\/\/www.certisur.com\/?page_id=6696"},"modified":"2023-05-02T17:08:12","modified_gmt":"2023-05-02T20:08:12","slug":"windows-critical-vulnerabilities","status":"publish","type":"page","link":"https:\/\/www.certisur.com\/en\/news\/windows-critical-vulnerabilities\/","title":{"rendered":"Windows Critical Vulnerabilities"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-page\" data-elementor-id=\"6696\" class=\"elementor elementor-6696 elementor-6695\" data-elementor-post-type=\"page\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-cc9c265 cs-elementor-noticia-header elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"cc9c265\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-07d5b79\" data-id=\"07d5b79\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-977de0b elementor-widget elementor-widget-heading\" data-id=\"977de0b\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h1 class=\"elementor-heading-title elementor-size-default\">Windows Critical Vulnerabilities<\/h1>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-fdd2c6d elementor-widget elementor-widget-text-editor\" data-id=\"fdd2c6d\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Microsoft has released critical security updates on Windows: <strong>CVE-2020-0601- <\/strong>Windows CryptoAPI Spoofing Vulnerability<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6251c41 cs-elementor-noticia-header-date elementor-widget elementor-widget-text-editor\" data-id=\"6251c41\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t20 January, 2020\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5d15bf8 elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"5d15bf8\" data-element_type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-4e935f14 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"4e935f14\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-2d9d657e\" data-id=\"2d9d657e\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-4bc45069 elementor-widget elementor-widget-text-editor\" data-id=\"4bc45069\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><strong>Systems affected by vulnerabilities<\/strong><\/p>\n<p>The <a href=\"https:\/\/msrc-blog.microsoft.com\/2020\/01\/14\/january-2020-security-updates-cve-2020-0601\/\">CVE-2020-0601<\/a> vulnerabilities affect the following versions of Windows:<\/p>\n<ul>\n<li>Microsoft Windows 10, in various versions or editions. See listing <a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2020-0601\">here<\/a><\/li>\n<li>Microsoft Windows Server 2016 and Windows Server 2016 (Server Core installation).<\/li>\n<li>Microsoft Windows Server 2019 and Windows Server 2019 (Server Core installation).<\/li>\n<\/ul>\n<p><strong>Impact<\/strong><\/p>\n<p>Exploiting the CVE-2020-0601 vulnerabilities could result in arbitrary code execution on the vulnerable Windows system and may also allow man-in-the-middle attacks on encrypted connections.<\/p>\n<p>Microsoft CryptoAPI could accept cryptographic objects signed with a counterfeit version of a certificate, therefore it could ignore warnings and errors in code signed signed executables or other signed objects. An attacker could:<\/p>\n<ul>\n<li>install malicious programs, view, change or delete data, create user accounts and take full control of the affected resource.<\/li>\n<li>Sign a malicious executable, perform MITM attacks, and decrypt confidential information about users&#8217; connections to affected software.<\/li>\n<li>disclose confidential information,<\/li>\n<li>cause denial of service,<\/li>\n<li>execute remote codes,<\/li>\n<li>impersonate identities, etc.<\/li>\n<\/ul>\n<p><strong>Solution and Prevention<\/strong><\/p>\n<p>Microsoft has released software updates to address critical vulnerabilities. Its application in the different operating systems is recommended. They can be found at the following links:<\/p>\n<ul>\n<li><a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2020-0601\">https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2020-0601<\/a><\/li>\n<\/ul>\n<p>In addition, as a preventive measure it is recommended:<\/p>\n<ul>\n<li>Run all software as a non-privileged user with minimal access rights.<\/li>\n<li>Implement network intrusion detection systems and monitor network traffic for malicious activity.<\/li>\n<li>Do not accept or run files from unknown or untrusted sources.<\/li>\n<li>Route traffic through proxy devices, which perform TLS inspection. Use packet capture analysis tools, such as Wireshark, to analyze and extract certificates to determine their validity.<\/li>\n<\/ul>\n<p>It is also recommended not to publish the RDP protocol to the internet; If it is necessary to access by RDP, it is recommended to do it through a VPN connection.<\/p>\n<p><strong>It is recommended to apply the security updates as soon as possible.<\/strong><\/p>\n<p>Additional Information:<\/p>\n<ul>\n<li><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2020-0601\">https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2020-0601<\/a><\/li>\n<li><a href=\"https:\/\/media.defense.gov\/2020\/Jan\/14\/2002234275\/-1\/-1\/0\/CSA-WINDOWS-10-CRYPT-LIB20190114.PDF\">https:\/\/media.defense.gov\/2020\/Jan\/14\/2002234275\/-1\/-1\/0\/CSA-WINDOWS-10-CRYPT-LIB20190114.PDF<\/a><\/li>\n<\/ul>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Microsoft has released critical security updates on Windows: CVE-2020-0601- Windows CryptoAPI Spoofing Vulnerability Systems affected by vulnerabilities The CVE-2020-0601 vulnerabilities affect the following versions of Windows: Microsoft Windows 10, in various versions or editions. See listing here Microsoft Windows Server 2016 and Windows Server 2016 (Server Core installation). Microsoft Windows Server 2019 and Windows Server [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"parent":4975,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"footnotes":""},"categories":[69],"class_list":["post-6696","page","type-page","status-publish","hentry","category-news"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.6 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>CertiSur<\/title>\n<meta name=\"description\" content=\"Microsoft has released critical security updates on Windows: CVE-2020-0601- Windows CryptoAPI Spoofing Vulnerability.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.certisur.com\/en\/news\/windows-critical-vulnerabilities\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Windows Critical Vulnerabilities CVE-2020-0601- CertiSur\" \/>\n<meta property=\"og:description\" content=\"Microsoft has released critical security updates on Windows: CVE-2020-0601- Windows CryptoAPI Spoofing Vulnerability.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.certisur.com\/en\/news\/windows-critical-vulnerabilities\/\" \/>\n<meta property=\"og:site_name\" content=\"CertiSur\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/CertiSur\" \/>\n<meta property=\"article:modified_time\" content=\"2023-05-02T20:08:12+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@CertiSur\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.certisur.com\/en\/news\/windows-critical-vulnerabilities\/\",\"url\":\"https:\/\/www.certisur.com\/en\/news\/windows-critical-vulnerabilities\/\",\"name\":\"Windows Critical Vulnerabilities CVE-2020-0601- CertiSur\",\"isPartOf\":{\"@id\":\"https:\/\/www.certisur.com\/en\/#website\"},\"datePublished\":\"2020-01-20T21:32:49+00:00\",\"dateModified\":\"2023-05-02T20:08:12+00:00\",\"description\":\"Microsoft has released critical security updates on Windows: CVE-2020-0601- Windows CryptoAPI Spoofing Vulnerability.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.certisur.com\/en\/news\/windows-critical-vulnerabilities\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.certisur.com\/en\/news\/windows-critical-vulnerabilities\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.certisur.com\/en\/news\/windows-critical-vulnerabilities\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"News\",\"item\":\"https:\/\/www.certisur.com\/en\/news\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Windows Critical Vulnerabilities\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.certisur.com\/en\/#website\",\"url\":\"https:\/\/www.certisur.com\/en\/\",\"name\":\"CertiSur\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.certisur.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.certisur.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.certisur.com\/en\/#organization\",\"name\":\"CertiSur\",\"url\":\"https:\/\/www.certisur.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.certisur.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.certisur.com\/wp-content\/uploads\/Logo-CertiSur-Signo-de-Confianza-300dpi-copy.png\",\"contentUrl\":\"https:\/\/www.certisur.com\/wp-content\/uploads\/Logo-CertiSur-Signo-de-Confianza-300dpi-copy.png\",\"width\":3075,\"height\":2483,\"caption\":\"CertiSur\"},\"image\":{\"@id\":\"https:\/\/www.certisur.com\/en\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/CertiSur\",\"https:\/\/x.com\/CertiSur\",\"https:\/\/www.youtube.com\/c\/TecnologaCertiSur\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"CertiSur","description":"Microsoft has released critical security updates on Windows: CVE-2020-0601- Windows CryptoAPI Spoofing Vulnerability.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.certisur.com\/en\/news\/windows-critical-vulnerabilities\/","og_locale":"en_US","og_type":"article","og_title":"Windows Critical Vulnerabilities CVE-2020-0601- CertiSur","og_description":"Microsoft has released critical security updates on Windows: CVE-2020-0601- Windows CryptoAPI Spoofing Vulnerability.","og_url":"https:\/\/www.certisur.com\/en\/news\/windows-critical-vulnerabilities\/","og_site_name":"CertiSur","article_publisher":"https:\/\/www.facebook.com\/CertiSur","article_modified_time":"2023-05-02T20:08:12+00:00","twitter_card":"summary_large_image","twitter_site":"@CertiSur","twitter_misc":{"Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.certisur.com\/en\/news\/windows-critical-vulnerabilities\/","url":"https:\/\/www.certisur.com\/en\/news\/windows-critical-vulnerabilities\/","name":"Windows Critical Vulnerabilities CVE-2020-0601- CertiSur","isPartOf":{"@id":"https:\/\/www.certisur.com\/en\/#website"},"datePublished":"2020-01-20T21:32:49+00:00","dateModified":"2023-05-02T20:08:12+00:00","description":"Microsoft has released critical security updates on Windows: CVE-2020-0601- Windows CryptoAPI Spoofing Vulnerability.","breadcrumb":{"@id":"https:\/\/www.certisur.com\/en\/news\/windows-critical-vulnerabilities\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.certisur.com\/en\/news\/windows-critical-vulnerabilities\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.certisur.com\/en\/news\/windows-critical-vulnerabilities\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"News","item":"https:\/\/www.certisur.com\/en\/news\/"},{"@type":"ListItem","position":2,"name":"Windows Critical Vulnerabilities"}]},{"@type":"WebSite","@id":"https:\/\/www.certisur.com\/en\/#website","url":"https:\/\/www.certisur.com\/en\/","name":"CertiSur","description":"","publisher":{"@id":"https:\/\/www.certisur.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.certisur.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.certisur.com\/en\/#organization","name":"CertiSur","url":"https:\/\/www.certisur.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.certisur.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.certisur.com\/wp-content\/uploads\/Logo-CertiSur-Signo-de-Confianza-300dpi-copy.png","contentUrl":"https:\/\/www.certisur.com\/wp-content\/uploads\/Logo-CertiSur-Signo-de-Confianza-300dpi-copy.png","width":3075,"height":2483,"caption":"CertiSur"},"image":{"@id":"https:\/\/www.certisur.com\/en\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/CertiSur","https:\/\/x.com\/CertiSur","https:\/\/www.youtube.com\/c\/TecnologaCertiSur"]}]}},"_links":{"self":[{"href":"https:\/\/www.certisur.com\/en\/wp-json\/wp\/v2\/pages\/6696","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.certisur.com\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.certisur.com\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.certisur.com\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.certisur.com\/en\/wp-json\/wp\/v2\/comments?post=6696"}],"version-history":[{"count":0,"href":"https:\/\/www.certisur.com\/en\/wp-json\/wp\/v2\/pages\/6696\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/www.certisur.com\/en\/wp-json\/wp\/v2\/pages\/4975"}],"wp:attachment":[{"href":"https:\/\/www.certisur.com\/en\/wp-json\/wp\/v2\/media?parent=6696"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.certisur.com\/en\/wp-json\/wp\/v2\/categories?post=6696"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}