Microsoft Patch Tuesday Audit – January 2020

TL;DR: Go Straight to the January 2020 Patch Tuesday Audit Report.

The Patch Tuesday January 2020 security updates have arrived. Microsoft released fixes for 49 CVE-numbered vulnerabilities, 8 of which are classified as critical vulnerabilities. The January 2020 Patch Tuesday also provides us with the last free update of Windows 7 and Server 2008/2008 R2.

Microsoft has released security patches for a variety of its products, including Windows, Internet Explorer, Office and Office Services and Web Apps, ASP.NET, .NET Core, .NET Framework, OneDrive for Android, and Microsoft Dynamics.

Windows 7, Server 2008, and Server 2008 R2 have received their final public patch release. Windows 7 is hitting its end of support, so it's crucial to either upgrade to Windows 10 or to buy Extended Security Updates from Microsoft in order to remain secure.

CVE-2020-0601 CRYPT32.DLL Vulnerability

Microsoft addressed CVE-2020-0601 in the usermode cryptographic library, CRYPT32.DLL, that affects Windows 10 systems. This vulnerability could allow attackers to create a code-signing certificate, making a malicious executable look like it's from a trusted source.

Both NSA, who discovered the vulnerability, and Microsoft say that the vulnerability hasn't yet been exploited in the wild, but they recommend installing the patches delivered with Microsoft's January 2020 Patch Tuesday as soon as possible.

Remote Desktop Protocol (RDP) Vulnerabilities Patched

Included in the January Patch Tuesday patches are five vulnerabilities in Remote Desktop Gateway Server, Remote Desktop Client, and Remote Desktop Web Access.

  • CVE-2020-0609
  • CVE-2020-0610
  • CVE-2020-0611
  • CVE-2020-0612
  • CVE-2020-0637

Run the January 2020 Patch Tuesday Audit Report

Similar to previous months, we've created an Audit Report that checks if the assets in your network are on the latest Microsoft patch update. It's color-coded to give you an easy and quick overview of which assets are already on the latest Windows update, and which ones still need to be patched. All admins are advised to install these security updates as soon as possible to protect Windows from security risks.

If you haven't already, start your free trial of Lansweeper to run the Microsoft Patch Tuesday Report. Make sure to subscribe via the form below if you want to receive the latest Microsoft Patch reports and bonus network reports.

Receive the Latest Patch Tuesday Report for FREE Every Month

Try Lansweeper for Free

Learn why Lansweeper is used by thousands of enterprises worldwide.
FREE WHITE PAPER
Why centralized IT Asset Discovery is more crucial than ever.