Microsoft exposes a security issue that affects millions of Windows 10 computers, RDP and DHCP on win2008R2

&NewLine;<&excl;-- WP QUADS Content Ad Plugin v&period; 2&period;0&period;92 -->&NewLine;<div class&equals;"quads-location quads-ad2528 " id&equals;"quads-ad2528" style&equals;"float&colon;none&semi;margin&colon;0px 3px 3px 3px&semi;padding&colon;0px 0px 0px 0px&semi;" data-lazydelay&equals;"0">&NewLine;&NewLine;<&sol;div>&NewLine;<h2>Windows 10 Crypto API Spoofing<&sol;h2>&NewLine;<p>Microsoft has released a new security patch for a vulnerability that could affect millions of Windows 10 Users world wide&period;<&sol;p>&NewLine;<&excl;-- WP QUADS Content Ad Plugin v&period; 2&period;0&period;92 -->&NewLine;<div class&equals;"quads-location quads-ad2530 " id&equals;"quads-ad2530" style&equals;"float&colon;none&semi;margin&colon;0px 3px 3px 3px&semi;padding&colon;0px 0px 0px 0px&semi;" data-lazydelay&equals;"0">&NewLine;&NewLine;<&sol;div>&NewLine;&NewLine;<&excl;-- WP QUADS Content Ad Plugin v&period; 2&period;0&period;92 -->&NewLine;<div class&equals;"quads-location quads-ad2523 " id&equals;"quads-ad2523" style&equals;"float&colon;none&semi;margin&colon;0px 3px 3px 3px&semi;padding&colon;0px 0px 0px 0px&semi;" data-lazydelay&equals;"0">&NewLine;&NewLine;<&sol;div>&NewLine;&NewLine;<&excl;-- WP QUADS Content Ad Plugin v&period; 2&period;0&period;92 -->&NewLine;<div class&equals;"quads-location quads-ad2531 " id&equals;"quads-ad2531" style&equals;"float&colon;none&semi;margin&colon;0px 3px 3px 3px&semi;padding&colon;0px 0px 0px 0px&semi;" data-lazydelay&equals;"0">&NewLine;&NewLine;<&sol;div>&NewLine;&NewLine;<h2>A decades old API<&sol;h2>&NewLine;<p>The decades old CryptoAPI tool validates and signs packages&sol;software which could be utilized by hackers&sol;developers to sign and execute illegitimate software thus would allow users to run anything without user’s nor Antivirus&sol;Internet Security software’s notice&period;<&sol;p>&NewLine;<p>Microsoft mentioned that the vulnerability could also allow hackers to change or modify encrypted communications&period;<&sol;p>&NewLine;<p>It’s important to mention that CryptoAPI is a legacy API that’s being replaced by a new CNG &lpar;Cryptography Next Generation API&rpar; which also supports CryptoAPI&period;<&sol;p>&NewLine;<h2>CryptoAPI Key Storage Architecture<&sol;h2>&NewLine;<p><img src&equals;"https&colon;&sol;&sol;docs&period;microsoft&period;com&sol;en-us&sol;windows&sol;win32&sol;seccrypto&sol;images&sol;cryparch&period;png" alt&equals;"cryptoapi architecture" &sol;> &NewLine;&NewLine;<&excl;-- WP QUADS Content Ad Plugin v&period; 2&period;0&period;92 -->&NewLine;<div class&equals;"quads-location quads-ad2529 " id&equals;"quads-ad2529" style&equals;"float&colon;none&semi;margin&colon;0px 3px 3px 3px&semi;padding&colon;0px 0px 0px 0px&semi;" data-lazydelay&equals;"0">&NewLine;&NewLine;<&sol;div>&NewLine; &NewLine;<&sol;p>&NewLine;<h2>Download Patch<&sol;h2>&NewLine;<h4>Direct Download<&sol;h4>&NewLine;<p><a href&equals;"https&colon;&sol;&sol;www&period;catalog&period;update&period;microsoft&period;com&sol;Search&period;aspx&quest;q&equals;KB4528760">https&colon;&sol;&sol;www&period;catalog&period;update&period;microsoft&period;com&sol;Search&period;aspx&quest;q&equals;KB4528760<&sol;a><&sol;p>&NewLine;<h4>CVE<&sol;h4>&NewLine;<p><a href&equals;"https&colon;&sol;&sol;portal&period;msrc&period;microsoft&period;com&sol;en-US&sol;security-guidance&sol;advisory&sol;CVE-2020-0601">https&colon;&sol;&sol;portal&period;msrc&period;microsoft&period;com&sol;en-US&sol;security-guidance&sol;advisory&sol;CVE-2020-0601<&sol;a><&sol;p>&NewLine;<h2>Windows 2008 R2&comma; Windows 7 RDP<&sol;h2>&NewLine;<p>A day ago Microsoft released two very important security patches on May 14&comma; 2019&period;<&sol;p>&NewLine;<p>One of these patches has been detected in the RDP service &lpar;CVE-2019-0708&rpar; which affects Windows 7 and Windows 2008 R2&period;<&sol;p>&NewLine;<&excl;-- WP QUADS Content Ad Plugin v&period; 2&period;0&period;92 -->&NewLine;<div class&equals;"quads-location quads-ad2524 " id&equals;"quads-ad2524" style&equals;"float&colon;none&semi;margin&colon;0px 3px 3px 3px&semi;padding&colon;0px 0px 0px 0px&semi;" data-lazydelay&equals;"0">&NewLine;&NewLine;<&sol;div>&NewLine;&NewLine;<p>According to MS’s Article a remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests&period;<&sol;p>&NewLine;<h2>No Authentication or Interaction needed<&sol;h2>&NewLine;<p>This vulnerability is pre-authentication and requires no user interaction&period; An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system&period;<&sol;p>&NewLine;<p>An attacker could then install programs&semi; view&comma; change&comma; or delete data&semi; or create new accounts with full user rights&period;<&sol;p>&NewLine;<p>When look at CVE-2019-0708&comma; which is related to the RDP service&comma; we see that attackers are able to run code on systems by sending specially produced packages without any user interaction and authentication and manage to install malware like Ransomware or other execution files&period;<&sol;p>&NewLine;<h2>Download Patch<&sol;h2>&NewLine;<p><a href&equals;"https&colon;&sol;&sol;portal&period;msrc&period;microsoft&period;com&sol;en-US&sol;security-guidance&sol;advisory&sol;CVE-2019-0708">https&colon;&sol;&sol;portal&period;msrc&period;microsoft&period;com&sol;en-US&sol;security-guidance&sol;advisory&sol;CVE-2019-0708<&sol;a><&sol;p>&NewLine;<h2>Windows 2008R2&comma; 2012R2&comma; 2016 and 2019 DHCP<&sol;h2>&NewLine;<p>The other one is in the DHCP service &lpar;CVE-2019-0725&rpar;&comma; and both vulnerabilities are very critical&period;<&sol;p>&NewLine;<p>A memory corruption vulnerability exists in the Windows Server DHCP service when processing specially crafted packets&period; An attacker who successfully exploited the vulnerability could run arbitrary code on the DHCP server&period;<&sol;p>&NewLine;<h2>Download Patch<&sol;h2>&NewLine;<p><a href&equals;"https&colon;&sol;&sol;portal&period;msrc&period;microsoft&period;com&sol;en-US&sol;security-guidance&sol;advisory&sol;CVE-2019-0725">https&colon;&sol;&sol;portal&period;msrc&period;microsoft&period;com&sol;en-US&sol;security-guidance&sol;advisory&sol;CVE-2019-0725<&sol;a><&sol;p>&NewLine;<&excl;-- WP QUADS Content Ad Plugin v&period; 2&period;0&period;92 -->&NewLine;<div class&equals;"quads-location quads-ad2526 " id&equals;"quads-ad2526" style&equals;"float&colon;none&semi;margin&colon;0px 3px 3px 3px&semi;padding&colon;0px 0px 0px 0px&semi;" data-lazydelay&equals;"0">&NewLine;&NewLine;<&sol;div>&NewLine;&NewLine;<h2>Sources&colon;<&sol;h2>&NewLine;<p>Microsoft&comma; NSA&comma; Other Security Researchers<&sol;p>&NewLine;&NewLine;<&excl;-- WP QUADS Content Ad Plugin v&period; 2&period;0&period;92 -->&NewLine;<div class&equals;"quads-location quads-ad2522 " id&equals;"quads-ad2522" style&equals;"float&colon;none&semi;margin&colon;0px 3px 3px 3px&semi;padding&colon;0px 0px 0px 0px&semi;" data-lazydelay&equals;"0">&NewLine;&NewLine;<&sol;div>&NewLine;&NewLine;