Microsoft's Patch Tuesday for January addresses 49 vulnerabilities, of which eight are rated Critical. Among them, CVE-2020-0601 is a spoofing bug in Windows CryptoAPI (Crypt32.dll). An attacker can exploit this vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making the file appear to come from a trusted, legitimate source. A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software. Exploitation of CVE-2020-0601 has not been observed in the wild, but working proofs of concept are already publicly available.

Separately, Microsoft has published an advisory (ADV200001) warning of ongoing attacks that target a zero-day remote code execution (RCE) vulnerability in Internet Explorer. The IE bug, tracked as CVE-2020-0674, lies in the way the IE scripting engine handles objects in memory. An attacker can host a specially crafted website designed to exploit the vulnerability through Internet Explorer and then convince a user to view it. This can trigger memory corruption leading to remote code execution, giving the attacker the same user rights as the victim. Microsoft is currently working on a patch for CVE-2020-0674 but has not provided an expected release date. As a temporary workaround, Microsoft has suggested restricting access to JScript.dll, which will help prevent potential network attacks.
References: ADV200001 | Microsoft Guidance on Scripting Engine Memory Corruption Vulnerability