Overlay | VanRoey.be

Security alert: vulnerabilities discovered within Windows

Share on whatsapp
Share on facebook
Share on twitter
Share on linkedin
Share on email

As a result of some serious vulnerabilities within Windows, Microsoft released some important security updates last night. What these vulnerabilities are, on whom it has an impact and what action needs to be taken, you can find out here.

Security Alert 1: Security breach in Crypt32.dll

  • Qualification: Important
  • Microsoft reference: CVE-2020-0601

Crypt32.dll is a part of Windows that validates certificates. The vulnerability in Crypt32.dll makes it possible to forge Elliptic Curve Cryptography, or ecc certificates (spoofing). A hacker can abuse the vulnerability to, for example, get an infected executable on a system (Ransomware).

Who or what is vulnerable?

All systems with Windows 10, Windows Server 2016 and 2019.

Doing what?

1. In a Managed Services environment without Desktop Management:

Servers are patched. Reboot will still be necessary. not to disrupt daily operations, we don't do this automatically. For this we ask for an explicit approval (support@vanroey.be).

As an administrator it is important that you update all clients (desktops, notebooks, tablets, …) as soon as possible.

2. In a Managed Services environment with Desktop Management:

Servers and clients are patched. Reboot remains necessary. Again we ask explicit approval in order not to disrupt the daily operational operation (support@vanroey.be).

3. Without Managed Services:

It is extremely important to provide servers and clients with this update as soon as possible. If you would like assistance with this, you can contact us by phone (+32 14 47 06 05) or e-mail (business@vanroey.be).

Security Alert 2: Security hole in Windows RDP Gateway Server and Remote Desktop Client

  • Qualification: Important
  • Microsoft reference: CVE-2020-0609, CVE-2020-0610 en CVE-2020-0612

Microsoft has fixed multiple vulnerabilities in Windows RDP Gateway Server and Windows Remote Desktop Client, and a malicious party can potentially exploit the vulnerabilities to execute random code, obtain sensitive data, or launch a Denial-of-Service (DoS) attack.

Who or what is vulnerable?

All systems running Windows 7, Windows 8, Windows 10, Windows Server 2012, Windows Server 2016 and Windows Server 2019.

Doing what?

1. In a Managed Services environment without Desktop Management:

Servers are patched. Reboot will still be necessary. not to disrupt daily operations, we don't do this automatically. For this we ask for an explicit approval (support@vanroey.be).

As an administrator it is important that you update all clients (desktops, notebooks, tablets, …) as soon as possible.

2. In a Managed Services environment with Desktop Management:

Servers and clients are patched. Reboot remains necessary. Again we ask explicit approval in order not to disrupt the daily operational operation (support@vanroey.be).

3. Without Managed Services:

It is extremely important to provide servers and clients with this update as soon as possible. If you would like assistance with this, you can contact us by phone (+32 14 47 06 05) or e-mail (business@vanroey.be).

“It is extremely important to update your servers and clients as soon as possible.”

Written by:

Cindy Zuidwijk
Marketing Assistant

Joined VanRoey.be as Marketing Assistant in 2016, with a focus on SEA, Social Media and Event Management.

Share on whatsapp
Share on facebook
Share on twitter
Share on linkedin
Share on email

Related info

Outsource your IT management. Our team is at your service up to 24/7 and keeps your ICT healthy and under strict control. So you can concentrate on your core tasks