Microsoft Security Bulletin Coverage for Jan 2020

Microsoft Patch Tuesday

Microsoft Patch Tuesday

SonicWall Capture Labs Threat Research Team has analyzed and addressed Microsoft’s security advisories for the month of January 2020. A list of issues reported, along with SonicWall coverage information are as follows:

  • CVE-2020-0601 Windows CryptoAPI Spoofing Vulnerability
  • IPS 14728: Windows CryptoAPI Spoofing Vulnerability (JAN 20) 1
  • IPS 14729: Windows CryptoAPI Spoofing Vulnerability (JAN 20) 2
  • IPS 14730: Windows CryptoAPI Spoofing Vulnerability (JAN 20) 3
  • IPS 14731: Windows CryptoAPI Spoofing Vulnerability (JAN 20) 4
  • CVE-2020-0602 ASP.NET Core Denial of Service Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0603 ASP.NET Core Remote Code Execution Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0605 .NET Framework Remote Code Execution Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0606 .NET Framework Remote Code Execution Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0607 Microsoft Graphics Components Information Disclosure Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0608 Win32k Information Disclosure Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0609 Windows RDP Gateway Server Remote Code Execution Vulnerability
  • IPS 14723: Windows RDP Gateway Server Remote Code Execution Vulnerability (JAN 20) 1
  • CVE-2020-0610 Windows RDP Gateway Server Remote Code Execution Vulnerability
  • IPS 14724: Windows RDP Gateway Server Remote Code Execution Vulnerability (JAN 20) 2
  • CVE-2020-0611 Remote Desktop Client Remote Code Execution Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0612 Windows Remote Desktop Protocol (RDP) Gateway Server Denial of Service Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0613 Windows Search Indexer Elevation of Privilege Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0614 Windows Search Indexer Elevation of Privilege Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0615 Windows Common Log File System Driver Information Disclosure Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0616 Microsoft Windows Denial of Service Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0617 Hyper-V Denial of Service Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0620 Microsoft Cryptographic Services Elevation of Privilege Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0621 Windows Security Feature Bypass Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0622 Microsoft Graphics Component Information Disclosure Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0623 Windows Search Indexer Elevation of Privilege Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0624 Win32k Elevation of Privilege Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0625 Windows Search Indexer Elevation of Privilege Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0626 Windows Search Indexer Elevation of Privilege Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0627 Windows Search Indexer Elevation of Privilege Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0628 Windows Search Indexer Elevation of Privilege Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0629 Windows Search Indexer Elevation of Privilege Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0630 Windows Search Indexer Elevation of Privilege Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0631 Windows Search Indexer Elevation of Privilege Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0632 Windows Search Indexer Elevation of Privilege Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0633 Windows Search Indexer Elevation of Privilege Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0634 Windows Common Log File System Driver Elevation of Privilege Vulnerability
  • ASPY 5871: Malformed-File exe.MP.116
  • CVE-2020-0635 Windows Elevation of Privilege Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0636 Windows Subsystem for Linux Elevation of Privilege Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0637 Remote Desktop Web Access Information Disclosure Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0638 Update Notification Manager Elevation of Privilege Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0639 Windows Common Log File System Driver Information Disclosure Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0640 Internet Explorer Memory Corruption Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0641 Microsoft Windows Elevation of Privilege Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0642 Win32k Elevation of Privilege Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0643 Windows GDI+ Information Disclosure Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0644 Windows Elevation of Privilege Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0646 .NET Framework Remote Code Execution Injection Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0647 Microsoft Office Online Spoofing Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0650 Microsoft Excel Remote Code Execution Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0651 Microsoft Excel Remote Code Execution Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0652 Microsoft Office Memory Corruption Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0653 Microsoft Excel Remote Code Execution Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0654 Microsoft OneDrive for Android Security Feature Bypass Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0656 Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
    • There are no known exploits in the wild.

** Optrics Inc. is an Registered SonicWall partner


The original article can be found here:

https://securitynews.sonicwall.com/xmlpost/microsoft-security-bulletin-coverage-for-jan-2020/

Leave a Reply