The Cybersecurity and Infrastructure Security Agency (CISA) has released an Emergency Directive and Activity Alert addressing critical vulnerabilities affecting Windows CryptoAPI, Windows Remote Desktop Gateway (RD Gateway), and Windows Remote Desktop Client. A remote attacker could exploit these vulnerabilities to decrypt, modify, or inject data on user connections.
Although Emergency Directive 20-02 applies only to certain Executive Branch departments and agencies, CISA strongly recommends state and local governments, the private sector, and others also patch these critical vulnerabilities as soon as possible. Review the following resources for more information:
- Activity Alert AA20-014A: Critical Vulnerabilities in Microsoft Windows Operating Systems
- Emergency Directive 20-02: Mitigate Windows Vulnerabilities from January 2020 Patch Tuesday
- CISA Blog: Windows Vulnerabilities that Require Immediate Attention
- CERT/CC Vulnerability Note VU#491944
- CERT/CC Vulnerability Note VU#849224
- National Security Agency Cybersecurity Advisory