Microsoft Security Bulletin Coverage for Jan 2020

Microsoft Patch Tuesday

SonicWall Capture Labs Threat Research Team has analyzed and addressed Microsoft’s security advisories for the month of January 2020. A list of issues reported, along with SonicWall coverage information are as follows:

  • CVE-2020-0601 Windows CryptoAPI Spoofing Vulnerability
  • IPS 14728: Windows CryptoAPI Spoofing Vulnerability (JAN 20) 1
  • IPS 14729: Windows CryptoAPI Spoofing Vulnerability (JAN 20) 2
  • IPS 14730: Windows CryptoAPI Spoofing Vulnerability (JAN 20) 3
  • IPS 14731: Windows CryptoAPI Spoofing Vulnerability (JAN 20) 4
  • CVE-2020-0602 ASP.NET Core Denial of Service Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0603 ASP.NET Core Remote Code Execution Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0605 .NET Framework Remote Code Execution Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0606 .NET Framework Remote Code Execution Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0607 Microsoft Graphics Components Information Disclosure Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0608 Win32k Information Disclosure Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0609 Windows RDP Gateway Server Remote Code Execution Vulnerability
  • IPS 14723: Windows RDP Gateway Server Remote Code Execution Vulnerability (JAN 20) 1
  • CVE-2020-0610 Windows RDP Gateway Server Remote Code Execution Vulnerability
  • IPS 14724: Windows RDP Gateway Server Remote Code Execution Vulnerability (JAN 20) 2
  • CVE-2020-0611 Remote Desktop Client Remote Code Execution Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0612 Windows Remote Desktop Protocol (RDP) Gateway Server Denial of Service Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0613 Windows Search Indexer Elevation of Privilege Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0614 Windows Search Indexer Elevation of Privilege Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0615 Windows Common Log File System Driver Information Disclosure Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0616 Microsoft Windows Denial of Service Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0617 Hyper-V Denial of Service Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0620 Microsoft Cryptographic Services Elevation of Privilege Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0621 Windows Security Feature Bypass Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0622 Microsoft Graphics Component Information Disclosure Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0623 Windows Search Indexer Elevation of Privilege Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0624 Win32k Elevation of Privilege Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0625 Windows Search Indexer Elevation of Privilege Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0626 Windows Search Indexer Elevation of Privilege Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0627 Windows Search Indexer Elevation of Privilege Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0628 Windows Search Indexer Elevation of Privilege Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0629 Windows Search Indexer Elevation of Privilege Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0630 Windows Search Indexer Elevation of Privilege Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0631 Windows Search Indexer Elevation of Privilege Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0632 Windows Search Indexer Elevation of Privilege Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0633 Windows Search Indexer Elevation of Privilege Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0634 Windows Common Log File System Driver Elevation of Privilege Vulnerability
  • ASPY 5871: Malformed-File exe.MP.116
  • CVE-2020-0635 Windows Elevation of Privilege Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0636 Windows Subsystem for Linux Elevation of Privilege Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0637 Remote Desktop Web Access Information Disclosure Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0638 Update Notification Manager Elevation of Privilege Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0639 Windows Common Log File System Driver Information Disclosure Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0640 Internet Explorer Memory Corruption Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0641 Microsoft Windows Elevation of Privilege Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0642 Win32k Elevation of Privilege Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0643 Windows GDI+ Information Disclosure Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0644 Windows Elevation of Privilege Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0646 .NET Framework Remote Code Execution Injection Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0647 Microsoft Office Online Spoofing Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0650 Microsoft Excel Remote Code Execution Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0651 Microsoft Excel Remote Code Execution Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0652 Microsoft Office Memory Corruption Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0653 Microsoft Excel Remote Code Execution Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0654 Microsoft OneDrive for Android Security Feature Bypass Vulnerability
    • There are no known exploits in the wild.
  • CVE-2020-0656 Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
    • There are no known exploits in the wild.

** Optrics Inc. is an Registered SonicWall partner


The original article can be found here:

https://securitynews.sonicwall.com/xmlpost/microsoft-security-bulletin-coverage-for-jan-2020/

About the Author: Shannon Lewis

Leave a Reply

%d bloggers like this: