Microsoft Security Warning
Jan 14th, 2020 Microsoft released a number of patches for critical product vulnerabilities, also highlighted in recent publications, e.g. by the National Security Agency (NSA): CVE-2020-0601 has been identified as a severe vulnerability in the Windows Crypto API.
Some information and recommendations for the following vulnerabilities as follows: CVE-2020-0601: Vulnerability in the Windows Crypto API (Windows 2016/2019/10) CVE-2020-0603, CVE-2020-0605, CVE-2020-0606 and CVE-2020-0646: Remote Code Execution Vulnerabilities in .NET and ASP.NET core software CVE-2020-0611: Remote code execution vulnerability in the Windows Remote Desktop Protocol Client CVE-2020-0640: Memory code corruption vulnerability in Internet Explorer web browser
All for One Group's recommended course of actions: All internet-facing systems (DMZ) with Windows Server 2016/2019: Patch as soon as possible. All workstations (Windows 10) and Windows terminal servers: Patch in the next 2 weeks (until Feb 2nd 2020), do not use Internet Explorer until the patch has been applied. All other Windows systems: Patch within the next 4 weeks (until Feb 16th 2020), in a regular patching cycle.
For systems within All for One Group's responsibility and if you have no agreed patch schedule, you will receive a ticket detailing the patching request. We would like to ask you to approve our patch request as soon as possible.
Should you have questions, please contact firstname.lastname@example.org For further information please consult the Microsoft MSRC website: https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Jan
All for One Support