Virus & Security Alert

Vulnerability Name Severity Advisory Date
February 2020 - Microsoft Releases Security Patches Microsoft addresses several vulnerabilities in its February security bulletin. Trend Micro Deep Security covers the following:

    CVE-2020-0674 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the scripting engine of Internet explorer in the way it handles objects in memory. Attackers looking to exploit this vulnerability could host a specially crafted website that contains an exploit.



    CVE-2020-0681 - Remote Desktop Client Remote Code Execution Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the Windows Remote Desktop Client. It exists when a user connects to a malicious server. Attackers looking to exploit this vulnerability could find ways to convince a user of a vulnerable machine to connect to a malicious server.



    CVE-2020-0692 - Microsoft Exchange Server Elevation of Privilege Vulnerability
    Risk Rating: Important

    This elevation of privilege vulnerability, that requires an enabled Exchange Web Services (EWS), exists in the Microsoft Exchange Server. Attackers looking to exploit this vulnerability must find a way to change Security Access Token parameters and forward that to the vulnerable Microsoft Exchange Server.


.
Read More
12/02/2020
January 2020 - Microsoft Releases Security Patches Microsoft addresses several vulnerabilities in its January security bulletin. Trend Micro Deep Security covers the following:

    CVE-2020-0609 - Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability
    Risk Rating: Critical

    This remote code execution, pre-authentication vulnerability exists in the Windows Remote Desktop Gateway (RD Gateway) and requires no user interaction. Attackers looking to exploit this vulnerability could send a specially crafted request via RDP.



    CVE-2020-0610 - Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability
    Risk Rating: Critical

    This remote code execution, pre-authentication vulnerability exists in the Windows Remote Desktop Gateway (RD Gateway) and requires no user interaction. Attackers looking to exploit this vulnerability could send a specially crafted request via RDP.



    CVE-2020-0652 - Microsoft Office Memory Corruption Vulnerability
    Risk Rating: Important

    This remote code execution vulnerability exists in the improper handling of objects by Microsoft Office. Attackers looking to exploit this vulnerability must find a way for a user to open a website that contains the exploit, or to open a specially crafted file.



    CVE-2020-0601 - Windows CryptoAPI Spoofing Vulnerability
    Risk Rating: Important

    This spoofing vulnerability exists in the validation of Elliptic Curve Cryptography (ECC) certificates by the the Windows CryptoAPI (crypt32.dll). A successful exploitation of this vulnerability could allow man-in-the-middle (MiTM) attacks.


.
Read More
14/01/2020