Agencies urged to install Patch Tuesday security fixes


By Dylan Bushell-Embling
Wednesday, 15 January, 2020


Government agencies in Australia and the US have been urged to apply the critical security updates released by Microsoft on Tuesday, which include fixes for major threats such as the recently disclosed certificate spoofing vulnerability in Windows 10.

The vulnerability in the way Windows CryptoAPI validates elliptic curve cryptography (ECC) certificates was discovered by the US National Security Agency, which took the unprecedented step of disclosing it to Microsoft rather than keeping it for its own attack arsenal.

It allows malicious software to appear to be authentically signed by a trusted organisation, and could additionally be exploited to allow man-in-the-middle attacks.


The Australian Cyber Security Centre said that it "recommends that users of these products apply patches urgently to prevent malicious actors from using these vulnerabilities to compromise your network".

In the US, the Department of Homeland Security's Cyber Infrastructure and Security Agency (CISA) has instructed federal US government agencies to apply the latest Patch Tuesday security update within 10 business days.

CISA also highlighted the fixes for vulnerabilities in the Windows Remote Desktop Protocol (RDP) client, used by all supported versions of Windows, and in the RDP Gateway Server, which allow for remote code execution without requiring authentication or user interaction.

As well as instructing agencies to apply the patches, CISA has told them to report on their progress applying the patch by Friday, and to submit a completion report by 29 January.

Agencies have also been told to put technical and management controls in place to ensure newly provisioned or offline endpoints are patched before being connected or reconnected to agency networks.
