January 2020 - Microsoft Releases Security Patches

Microsoft addresses several vulnerabilities in its January security bulletin. Trend Micro Deep Security covers the following:

• CVE-2020-0609 - Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability
  Risk Rating: Critical
  
  This remote code execution, pre-authentication vulnerability exists in the Windows Remote Desktop Gateway (RD Gateway) and requires no user interaction. Attackers looking to exploit this vulnerability could send a specially crafted request via RDP.



• CVE-2020-0610 - Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability
  Risk Rating: Critical
  
  This remote code execution, pre-authentication vulnerability exists in the Windows Remote Desktop Gateway (RD Gateway) and requires no user interaction. Attackers looking to exploit this vulnerability could send a specially crafted request via RDP.



• CVE-2020-0652 - Microsoft Office Memory Corruption Vulnerability
  Risk Rating: Important
  
  This remote code execution vulnerability exists in the improper handling of objects by Microsoft Office. Attackers looking to exploit this vulnerability must find a way for a user to open a website that contains the exploit, or to open a specially crafted file.



• CVE-2020-0601 - Windows CryptoAPI Spoofing Vulnerability
  Risk Rating: Important
  
  This spoofing vulnerability exists in the validation of Elliptic Curve Cryptography (ECC) certificates by the the Windows CryptoAPI (crypt32.dll). A successful exploitation of this vulnerability could allow man-in-the-middle (MiTM) attacks.