Earlier this month, Microsoft released software fixes to address 49 vulnerabilities as part of a monthly Patch Tuesday announcement, according to a CISA Alert.
The alert continues:
“Among the vulnerabilities patched were critical weaknesses in Windows CryptoAPI, Windows Remote Desktop Gateway (RD Gateway), and Windows Remote Desktop Client. An attacker could remotely exploit these vulnerabilities to decrypt, modify, or inject data on user connections:
The Cybersecurity and Infrastructure Security Agency (CISA) is unaware of active exploitation of these vulnerabilities. However, because patches have been publicly released, the underlying vulnerabilities can be reverse-engineered to create exploits that target unpatched systems.
CISA strongly recommends organizations install these critical patches as soon as possible—prioritize patching by starting with mission critical systems, internet-facing systems, and networked servers. Organizations should then prioritize patching other affected information technology/operational technology (IT/OT) assets.”
CISA adds that “New vulnerabilities are continually emerging, but the best defense against attackers exploiting patched vulnerabilities is simple: keep software up to date. Timely patching is one of the most efficient and cost-effective steps an organization can take to minimize its exposure to cybersecurity threats.”
For more information, visit us-cert.gov/ncas/alerts/aa20-014a.
*By entering your email address, you agree to receive emails regarding TechNation Magazine, Webinars, and Exclusive Promos.
© 2020, TechNation Magazine. Site designed by MD Publishing, Inc.