Weekly Comments

14 - 21 January 2020

Microsoft Patch Tuesday for January addresses 49 vulnerabilities, of which eight are rated Critical. Among the vulnerabilities, CVE-2020-0601 is a spoofing bug in Windows CryptoAPI (Crypt32.dll). An attacker can exploit this vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear that the file came from a trusted, legitimate source. A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software. Exploitation of CVE-2020-0601 has not been observed in the wild, but working proofs of concept are already publicly available.

Separately, Microsoft has published an advisory (ADV200001) to warn about ongoing attacks targeting a zero-day remote code execution (RCE) vulnerability in Internet Explorer. The IE bug, tracked as CVE-2020-0674, exists in the way the scripting engine in IE handles objects in memory. An attacker can host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. This can trigger memory corruption leading to remote code execution, allowing the attacker to gain the same user rights as the victim. Microsoft is currently working on the patch for CVE-2020-0674 but did not provide an expected release date. As a temporary workaround, Microsoft has suggested restricting access to JScript.dll, which will help prevent potential network attacks.
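For CVE-2020-0601, spoofed certificates carry explicitly specified elliptic-curve parameters instead of a named-curve OID, so one defensive check is to flag any certificate whose EC public key is encoded that way. The sketch below is an added example, not code from the original page or from Microsoft; the function names are hypothetical and the two sample certificates are constructed, unsigned skeletons with placeholder fields.

```python
EC_PUBLIC_KEY = bytes.fromhex("2a8648ce3d0201")  # OID 1.2.840.10045.2.1 (id-ecPublicKey)

def tlv(tag, body):  # DER-encode one element; only used to build the samples
    n = len(body)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    head = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + body

def children(body):
    """Split DER content into (tag, value) pairs; ValueError on malformed input."""
    out, i = [], 0
    while i < len(body):
        if i + 2 > len(body):
            raise ValueError("truncated DER header")
        tag, n, i = body[i], body[i + 1], i + 2
        if n & 0x80:  # long-form length
            k = n & 0x7F
            if k == 0 or i + k > len(body):
                raise ValueError("bad DER length")
            n, i = int.from_bytes(body[i:i + k], "big"), i + k
        if i + n > len(body):
            raise ValueError("truncated DER value")
        out.append((tag, body[i:i + n]))
        i += n
    return out

def ec_curve_encoding(cert_der):
    """Classify a DER certificate's public key: named, explicit, other or not-ec."""
    try:
        fields = children(children(children(cert_der)[0][1])[0][1])  # tbsCertificate
        spki = fields[6 if fields[0][0] == 0xA0 else 5][1]  # skip optional [0] version
        alg = children(children(spki)[0][1])  # AlgorithmIdentifier: OID, parameters
        oid, params_tag = alg[0], (alg[1][0] if len(alg) > 1 else None)
    except IndexError:
        raise ValueError("not an X.509 certificate structure")
    if oid != (0x06, EC_PUBLIC_KEY):
        return "not-ec"
    return {0x06: "named", 0x30: "explicit"}.get(params_tag, "other")

def sample_cert(params):
    """Constructed, unsigned certificate skeleton with placeholder fields."""
    empty = tlv(0x30, b"")
    alg = tlv(0x30, tlv(0x06, EC_PUBLIC_KEY) + params)
    spki = tlv(0x30, alg + tlv(0x03, b"\x00\x04" + bytes(64)))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + empty * 4 + spki)
    return tlv(0x30, tbs + empty + tlv(0x03, b"\x00"))

NAMED = sample_cert(tlv(0x06, bytes.fromhex("2a8648ce3d030107")))  # prime256v1 OID
EXPLICIT = sample_cert(tlv(0x30, tlv(0x02, b"\x01") + tlv(0x30, b"") * 2))  # placeholder ECParameters
```

Pass it the DER bytes of certificates extracted from signed files or TLS sessions; an `explicit` result is rare in legitimate certificates and is worth reviewing on hosts that have not yet received the January update.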

References:

January 2020 Security Updates

Microsoft Security Update Guide

ollypwn/CVE-2020-0601

kudelskisecurity/chainoffools

ADV200001 | Microsoft Guidance on Scripting Engine Memory Corruption Vulnerability
