The Cybersecurity and Infrastructure Security Agency (CISA) has released an Emergency Directive and Activity Alert addressing critical vulnerabilities affecting Windows CryptoAPI and Windows Remote Desktop Protocol (RDP) server and client. A remote attacker could exploit these vulnerabilities to decrypt, modify, or inject data on user connections.
Although Emergency Directive 20-02 applies only to certain Executive Branch departments and agencies, CISA strongly recommends state and local governments, the private sector, and others also patch these critical vulnerabilities as soon as possible. Review the following resources for more information:
Activity Alert AA20-014A: Critical Vulnerabilities in Microsoft Windows Operating Systems Emergency Directive 20-02: Mitigate Windows Vulnerabilities from January 2020 Patch Tuesday CISA Blog: Windows Vulnerabilities that Require Immediate Attention CERT/CC Vulnerability Note VU#491944 CERT/CC Vulnerability Note VU#849224 National Security Agency Cybersecurity Advisory