Microsoft Security Bulletin Coverage for Jan 2020

January 14, 2020

SonicWall Capture Labs Threat Research Team has analyzed and addressed Microsoft’s security advisories for the month of January 2020. A list of issues reported, along with SonicWall coverage information are as follows:

CVE-2020-0601 Windows CryptoAPI Spoofing Vulnerability
IPS 14728:Windows CryptoAPI Spoofing Vulnerability (JAN 20) 1
IPS 14729:Windows CryptoAPI Spoofing Vulnerability (JAN 20) 2
IPS 14730:Windows CryptoAPI Spoofing Vulnerability (JAN 20) 3
IPS 14731:Windows CryptoAPI Spoofing Vulnerability (JAN 20) 4

CVE-2020-0602 ASP.NET Core Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-0603 ASP.NET Core Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0605 .NET Framework Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0606 .NET Framework Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0607 Microsoft Graphics Components Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0608 Win32k Information Disclosure Vulnerability
There are no known exploits in the wild.

CVE-2020-0609 Windows RDP Gateway Server Remote Code Execution Vulnerability
IPS 14723:Windows RDP Gateway Server Remote Code Execution Vulnerability (JAN 20) 1

CVE-2020-0610 Windows RDP Gateway Server Remote Code Execution Vulnerability
IPS 14724:Windows RDP Gateway Server Remote Code Execution Vulnerability (JAN 20) 2

CVE-2020-0611 Remote Desktop Client Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0612 Windows Remote Desktop Protocol (RDP) Gateway Server Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-0613 Windows Search Indexer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0614 Windows Search Indexer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0615 Windows Common Log File System Driver Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0616 Microsoft Windows Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-0617 Hyper-V Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-0620 Microsoft Cryptographic Services Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0621 Windows Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2020-0622 Microsoft Graphics Component Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0623 Windows Search Indexer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0624 Win32k Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0625 Windows Search Indexer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0626 Windows Search Indexer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0627 Windows Search Indexer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0628 Windows Search Indexer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0629 Windows Search Indexer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0630 Windows Search Indexer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0631 Windows Search Indexer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0632 Windows Search Indexer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0633 Windows Search Indexer Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2020-0634 Windows Common Log File System Driver Elevation of Privilege Vulnerability
ASPY 5871:Malformed-File exe.MP.116

CVE-2020-0635 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0636 Windows Subsystem for Linux Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0637 Remote Desktop Web Access Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0638 Update Notification Manager Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0639 Windows Common Log File System Driver Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0640 Internet Explorer Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0641 Microsoft Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0642 Win32k Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0643 Windows GDI+ Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0644 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0646 .NET Framework Remote Code Execution Injection Vulnerability
There are no known exploits in the wild.
CVE-2020-0647 Microsoft Office Online Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-0650 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0651 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0652 Microsoft Office Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0653 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0654 Microsoft OneDrive for Android Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2020-0656 Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
There are no known exploits in the wild.