{"id":6433,"date":"2020-01-16T17:17:05","date_gmt":"2020-01-16T16:17:05","guid":{"rendered":"http:\/\/www.antemeta.fr\/?p=6433\/"},"modified":"2020-01-16T17:22:56","modified_gmt":"2020-01-16T16:22:56","slug":"critical-upgrade-notice-on-windows","status":"publish","type":"post","link":"https:\/\/www.antemeta.fr\/en\/critical-upgrade-notice-on-windows\/","title":{"rendered":"Critical upgrade notice on Windows"},"content":{"rendered":"<p><img decoding=\"async\" class=\"alignnone size-full wp-image-6430 lazyload\" data-src=\"\/wp-content\/uploads\/2020\/01\/Visuel-alternatif-mis-en-avant.png\" alt=\"\" width=\"760\" height=\"200\" data-srcset=\"\/wp-content\/uploads\/2020\/01\/Visuel-alternatif-mis-en-avant.png 760w, \/wp-content\/uploads\/2020\/01\/Visuel-alternatif-mis-en-avant-300x79.png 300w, \/wp-content\/uploads\/2020\/01\/Visuel-alternatif-mis-en-avant-668x176.png 668w\" data-sizes=\"(max-width: 760px) 100vw, 760px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 760px; --smush-placeholder-aspect-ratio: 760\/200;\" \/><\/p>\n<p>These <strong>critical update releases<\/strong> have been pointed out in security bulletins and in an NSA alert <strong>regarding severe vulnerabilities impacting Windows cryptographic functionality<\/strong>.<\/p>\n<p class=\"lead\"><span class=\"color1\">WHAT TO KNOW AND WHAT TO DO\u00a0?<\/span><\/p>\n<p>These vulnerabilities impacting Windows cryptographic functionality are fixed within the last Patch Tuesday patches from Microsoft Windows. Exploitation of the vulnerability allows attackers to defeat trusted network connections and deliver executable code while appearing as legitimately trusted entities (HTTPS connections, Signed files and emails, Signed executable code launched as user-mode process).<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Two of them are particularly critical:<\/strong><\/p>\n<p>&nbsp;<\/p>\n<p><strong>CVE-2020-0601:<\/strong> Vulnerability on the CryptoAPI DLL allowing the certification of malicious binaries (<span style=\"color: #3366ff;\"><a style=\"color: #3366ff;\" href=\"https:\/\/www.cert.ssi.gouv.fr\/alerte\/CERTFR-2020-ALE-004\/\" target=\"_blank\" rel=\"noopener\">link CERT-FR<\/a><\/span>).<\/p>\n<ul>\n<li><strong>Who is concerned:<\/strong> Anybody or any company with the following Windows systems.<\/li>\n<li><strong>Impacted systems:<\/strong> Microsoft Windows 10, Windows Server 2016, Windows Server 2019.<\/li>\n<li><strong>Remediation\u00a0:<\/strong> It is strongly recommended to apply the updates patches from this CVE (<span style=\"color: #3366ff;\"><a style=\"color: #3366ff;\" href=\"https:\/\/portal.msrc.microsoft.com\/fr-fr\/security-guidance\/advisory\/CVE-2020-0601\" target=\"_blank\" rel=\"noopener\">link Portail Microsoft<\/a><\/span>)<\/li>\n<\/ul>\n<p><strong>CVE-2020-0610<\/strong>\u00a0: Vuln\u00e9rabilit\u00e9 impactant le service RDP Windows permettant \u00e0 un attaquant l\u2019ex\u00e9cution de code arbitraire sur le client Windows sans n\u00e9cessairement avoir besoin de s\u2019y authentifier (<span style=\"color: #3366ff;\"><a style=\"color: #3366ff;\" href=\"https:\/\/www.cert.ssi.gouv.fr\/alerte\/CERTFR-2020-ALE-005\/\" target=\"_blank\" rel=\"noopener\">link CERT-FR<\/a><\/span>).<\/p>\n<ul>\n<li><strong>Who is concerned:<\/strong> Anybody or any company with the following Windows systems.<\/li>\n<li><strong>Impacted systems:<\/strong> Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019<\/li>\n<li><strong>Remediation\u00a0:<\/strong> It is strongly recommended to apply the updates patches from this CVE (<span style=\"color: #3366ff;\"><a style=\"color: #3366ff;\" href=\"https:\/\/portal.msrc.microsoft.com\/fr-FR\/security-guidance\/advisory\/CVE-2020-0610\" target=\"_blank\" rel=\"noopener\">link Portail Microsoft<\/a><\/span>).<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p class=\"lead\"><span class=\"color1\">OUR RECOMMENDATIONS<\/span><\/p>\n<p>It is <strong>strongly recommended to apply the corrective patches available as soon as possible<\/strong> by prioritizing windows-based appliances, web servers and proxies that perform TLS validation as well as Endpoints that host critical infrastructure (e.g. domain controllers, DNS servers, update servers, VPN servers, IPSec negotiation).<\/p>\n<p>If your <strong>Windows machines are regularly updated (WSUS)<\/strong>, please <strong>check that they have recovered the security patches dated 01\/14\/2020<\/strong>. Otherwise, please download and install Microsoft Windows patches as soon as possible.<\/p>\n<p><strong>AntemetA Cybersecurity team<\/strong><\/p>\n<p>&nbsp;<\/p>\n<hr \/>\n<p>&nbsp;<\/p>\n<p><strong>MORE INFORMATION<\/strong><\/p>\n<p><strong>Microsoft web pages: <\/strong><br \/>\n<strong><span style=\"color: #3366ff;\"><a style=\"color: #3366ff;\" href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2020-0601\" target=\"_blank\" rel=\"noopener\">https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2020-0601<\/a><\/span><\/strong><br \/>\n<strong><span style=\"color: #3366ff;\"><a style=\"color: #3366ff;\" href=\"https:\/\/portal.msrc.microsoft.com\/fr-FR\/security-guidance\/advisory\/CVE-2020-0610\" target=\"_blank\" rel=\"noopener\">https:\/\/portal.msrc.microsoft.com\/fr-FR\/security-guidance\/advisory\/CVE-2020-0610<\/a><\/span><\/strong><br \/>\n<strong>NSA Advisory: <\/strong><br \/>\n<strong><span style=\"color: #3366ff;\"><a style=\"color: #3366ff;\" href=\"https:\/\/media.defense.gov\/2020\/Jan\/14\/2002234275\/-1\/-1\/0\/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF\" target=\"_blank\" rel=\"noopener\">https:\/\/media.defense.gov\/2020\/Jan\/14\/2002234275\/-1\/-1\/0\/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF <\/a><\/span><\/strong><br \/>\n<strong>CERT-FR Security bulletins:<\/strong><br \/>\n<strong><span style=\"color: #3366ff;\"><a style=\"color: #3366ff;\" href=\"https:\/\/www.cert.ssi.gouv.fr\/alerte\/CERTFR-2020-ALE-004\/\" target=\"_blank\" rel=\"noopener\">https:\/\/www.cert.ssi.gouv.fr\/alerte\/CERTFR-2020-ALE-004\/<\/a><\/span><\/strong><br \/>\n<strong><span style=\"color: #3366ff;\"><a style=\"color: #3366ff;\" href=\"https:\/\/www.cert.ssi.gouv.fr\/alerte\/CERTFR-2020-ALE-005\/\" target=\"_blank\" rel=\"noopener\">https:\/\/www.cert.ssi.gouv.fr\/alerte\/CERTFR-2020-ALE-005\/<\/a><\/span><\/strong><br \/>\n<strong>Brian Krebs blogs:<\/strong><br \/>\n<strong><span style=\"color: #3366ff;\"><a style=\"color: #3366ff;\" href=\"https:\/\/krebsonsecurity.com\/2020\/01\/patch-tuesday-january-2020-edition\/\" target=\"_blank\" rel=\"noopener\">https:\/\/krebsonsecurity.com\/2020\/01\/patch-tuesday-january-2020-edition\/<\/a><\/span><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>These critical update releases have been pointed out in security bulletins and in an NSA alert regarding severe vulnerabilities impacting Windows cryptographic functionality. WHAT TO KNOW AND WHAT TO DO\u00a0? These vulnerabilities impacting Windows cryptographic functionality&#8230;<\/p>\n","protected":false},"author":22,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[125,127,13],"tags":[],"class_list":["post-6433","post","type-post","status-publish","format-standard","hentry","category-application","category-cyber-security-en","category-news"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Critical upgrade notice on Windows - Antemeta<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.antemeta.fr\/en\/critical-upgrade-notice-on-windows\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Critical upgrade notice on Windows - Antemeta\" \/>\n<meta property=\"og:description\" content=\"These critical update releases have been pointed out in security bulletins and in an NSA alert regarding severe vulnerabilities impacting Windows cryptographic functionality. WHAT TO KNOW AND WHAT TO DO\u00a0? These vulnerabilities impacting Windows cryptographic functionality...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.antemeta.fr\/en\/critical-upgrade-notice-on-windows\/\" \/>\n<meta property=\"og:site_name\" content=\"Antemeta\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/antemeta\" \/>\n<meta property=\"article:published_time\" content=\"2020-01-16T16:17:05+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-01-16T16:22:56+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.antemeta.fr\/wp-content\/uploads\/2017\/06\/logo_vertic_bleu_fond_transparent.png\" \/>\n\t<meta property=\"og:image:width\" content=\"300\" \/>\n\t<meta property=\"og:image:height\" content=\"300\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Nathan Ait Azzouzene\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@AntemetA\" \/>\n<meta name=\"twitter:site\" content=\"@AntemetA\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Nathan Ait Azzouzene\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.antemeta.fr\/en\/critical-upgrade-notice-on-windows\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.antemeta.fr\/en\/critical-upgrade-notice-on-windows\/\"},\"author\":{\"name\":\"Nathan Ait Azzouzene\",\"@id\":\"https:\/\/www.antemeta.fr\/#\/schema\/person\/4e0b5226f88452c77010851b88936e05\"},\"headline\":\"Critical upgrade notice on Windows\",\"datePublished\":\"2020-01-16T16:17:05+00:00\",\"dateModified\":\"2020-01-16T16:22:56+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.antemeta.fr\/en\/critical-upgrade-notice-on-windows\/\"},\"wordCount\":367,\"commentCount\":0,\"articleSection\":[\"Application\",\"Cyber Security\",\"News\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.antemeta.fr\/en\/critical-upgrade-notice-on-windows\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.antemeta.fr\/en\/critical-upgrade-notice-on-windows\/\",\"url\":\"https:\/\/www.antemeta.fr\/en\/critical-upgrade-notice-on-windows\/\",\"name\":\"Critical upgrade notice on Windows - Antemeta\",\"isPartOf\":{\"@id\":\"https:\/\/www.antemeta.fr\/#website\"},\"datePublished\":\"2020-01-16T16:17:05+00:00\",\"dateModified\":\"2020-01-16T16:22:56+00:00\",\"author\":{\"@id\":\"https:\/\/www.antemeta.fr\/#\/schema\/person\/4e0b5226f88452c77010851b88936e05\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.antemeta.fr\/en\/critical-upgrade-notice-on-windows\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.antemeta.fr\/en\/critical-upgrade-notice-on-windows\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.antemeta.fr\/en\/critical-upgrade-notice-on-windows\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.antemeta.fr\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Critical upgrade notice on Windows\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.antemeta.fr\/#website\",\"url\":\"https:\/\/www.antemeta.fr\/\",\"name\":\"Antemeta\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.antemeta.fr\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.antemeta.fr\/#\/schema\/person\/4e0b5226f88452c77010851b88936e05\",\"name\":\"Nathan Ait Azzouzene\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.antemeta.fr\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/2855508dc18ca2137a4f21c9570ac8cbe1fae4174b7c930592e6f22746422d26?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/2855508dc18ca2137a4f21c9570ac8cbe1fae4174b7c930592e6f22746422d26?s=96&d=mm&r=g\",\"caption\":\"Nathan Ait Azzouzene\"},\"url\":\"https:\/\/www.antemeta.fr\/en\/author\/nathan-ait-azzouzene\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Critical upgrade notice on Windows - Antemeta","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.antemeta.fr\/en\/critical-upgrade-notice-on-windows\/","og_locale":"en_US","og_type":"article","og_title":"Critical upgrade notice on Windows - Antemeta","og_description":"These critical update releases have been pointed out in security bulletins and in an NSA alert regarding severe vulnerabilities impacting Windows cryptographic functionality. WHAT TO KNOW AND WHAT TO DO\u00a0? These vulnerabilities impacting Windows cryptographic functionality...","og_url":"https:\/\/www.antemeta.fr\/en\/critical-upgrade-notice-on-windows\/","og_site_name":"Antemeta","article_publisher":"https:\/\/www.facebook.com\/antemeta","article_published_time":"2020-01-16T16:17:05+00:00","article_modified_time":"2020-01-16T16:22:56+00:00","og_image":[{"width":300,"height":300,"url":"https:\/\/www.antemeta.fr\/wp-content\/uploads\/2017\/06\/logo_vertic_bleu_fond_transparent.png","type":"image\/png"}],"author":"Nathan Ait Azzouzene","twitter_card":"summary_large_image","twitter_creator":"@AntemetA","twitter_site":"@AntemetA","twitter_misc":{"Written by":"Nathan Ait Azzouzene","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.antemeta.fr\/en\/critical-upgrade-notice-on-windows\/#article","isPartOf":{"@id":"https:\/\/www.antemeta.fr\/en\/critical-upgrade-notice-on-windows\/"},"author":{"name":"Nathan Ait Azzouzene","@id":"https:\/\/www.antemeta.fr\/#\/schema\/person\/4e0b5226f88452c77010851b88936e05"},"headline":"Critical upgrade notice on Windows","datePublished":"2020-01-16T16:17:05+00:00","dateModified":"2020-01-16T16:22:56+00:00","mainEntityOfPage":{"@id":"https:\/\/www.antemeta.fr\/en\/critical-upgrade-notice-on-windows\/"},"wordCount":367,"commentCount":0,"articleSection":["Application","Cyber Security","News"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.antemeta.fr\/en\/critical-upgrade-notice-on-windows\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.antemeta.fr\/en\/critical-upgrade-notice-on-windows\/","url":"https:\/\/www.antemeta.fr\/en\/critical-upgrade-notice-on-windows\/","name":"Critical upgrade notice on Windows - Antemeta","isPartOf":{"@id":"https:\/\/www.antemeta.fr\/#website"},"datePublished":"2020-01-16T16:17:05+00:00","dateModified":"2020-01-16T16:22:56+00:00","author":{"@id":"https:\/\/www.antemeta.fr\/#\/schema\/person\/4e0b5226f88452c77010851b88936e05"},"breadcrumb":{"@id":"https:\/\/www.antemeta.fr\/en\/critical-upgrade-notice-on-windows\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.antemeta.fr\/en\/critical-upgrade-notice-on-windows\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.antemeta.fr\/en\/critical-upgrade-notice-on-windows\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.antemeta.fr\/en\/"},{"@type":"ListItem","position":2,"name":"Critical upgrade notice on Windows"}]},{"@type":"WebSite","@id":"https:\/\/www.antemeta.fr\/#website","url":"https:\/\/www.antemeta.fr\/","name":"Antemeta","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.antemeta.fr\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.antemeta.fr\/#\/schema\/person\/4e0b5226f88452c77010851b88936e05","name":"Nathan Ait Azzouzene","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.antemeta.fr\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/2855508dc18ca2137a4f21c9570ac8cbe1fae4174b7c930592e6f22746422d26?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/2855508dc18ca2137a4f21c9570ac8cbe1fae4174b7c930592e6f22746422d26?s=96&d=mm&r=g","caption":"Nathan Ait Azzouzene"},"url":"https:\/\/www.antemeta.fr\/en\/author\/nathan-ait-azzouzene\/"}]}},"_links":{"self":[{"href":"https:\/\/www.antemeta.fr\/en\/wp-json\/wp\/v2\/posts\/6433","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.antemeta.fr\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.antemeta.fr\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.antemeta.fr\/en\/wp-json\/wp\/v2\/users\/22"}],"replies":[{"embeddable":true,"href":"https:\/\/www.antemeta.fr\/en\/wp-json\/wp\/v2\/comments?post=6433"}],"version-history":[{"count":7,"href":"https:\/\/www.antemeta.fr\/en\/wp-json\/wp\/v2\/posts\/6433\/revisions"}],"predecessor-version":[{"id":6441,"href":"https:\/\/www.antemeta.fr\/en\/wp-json\/wp\/v2\/posts\/6433\/revisions\/6441"}],"wp:attachment":[{"href":"https:\/\/www.antemeta.fr\/en\/wp-json\/wp\/v2\/media?parent=6433"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.antemeta.fr\/en\/wp-json\/wp\/v2\/categories?post=6433"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.antemeta.fr\/en\/wp-json\/wp\/v2\/tags?post=6433"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}