Free Republic
General/Chat

Critical Vulnerabilities in Microsoft Windows Operating Systems (Alert AA20-O14a)
US CERT - Department of Homeland Security ^ | 14 January 2020 | US-CERT

Posted on 01/14/2020 12:01:09 PM PST by MeganC

Summary

New vulnerabilities are continually emerging, but the best defense against attackers exploiting patched vulnerabilities is simple: keep software up to date. Timely patching is one of the most efficient and cost-effective steps an organization can take to minimize its exposure to cybersecurity threats.

On January 14, 2020, Microsoft released software fixes to address 49 vulnerabilities as part of their monthly Patch Tuesday announcement. Among the vulnerabilities patched were critical weaknesses in Windows CryptoAPI and Windows Remote Desktop Protocol (RDP) server and client. An attacker could remotely exploit these vulnerabilities to decrypt, modify, or inject data on user connections:

CryptoAPI spoofing vulnerability – CVE-2020-0601: This vulnerability affects all machines running 32- or 64-bit Windows 10 operating systems, including Windows Server versions 2016 and 2019. This vulnerability allows Elliptic Curve Cryptography (ECC) certificate validation to bypass the trust store, enabling unwanted or malicious software to masquerade as authentically signed by a trusted or trustworthy organization. This could deceive users or thwart malware detection methods such as antivirus.

Additionally, a maliciously crafted certificate could be issued for a hostname that did not authorize it, and a browser that relies on Windows CryptoAPI would not issue a warning, allowing an attacker to decrypt, modify, or inject data on user connections without detection.

Multiple Windows RDP vulnerabilities – CVE-2020-0609, CVE-2020-0610, and CVE-2020-0611: These vulnerabilities affect Windows Server 2012 and newer. In addition, CVE-2020-0611 affects Windows 7 and newer. These vulnerabilities—in the Windows Remote Desktop client and RDP Gateway Server—allow for remote code execution, where arbitrary code could be run freely. The server vulnerabilities do not require authentication or user interaction and can be exploited by a specially crafted request. The client vulnerability can be exploited by convincing a user to connect to a malicious server.

(Excerpt) Read more at us-cert.gov ...


KEYWORDS: exploit; hacking; microsoft; patch; windows
To: daniel1212

Wow... That window is a little bit different than mine. I don’t have the “delay” option. I apologize, I just tried to make the automatic log in on mine work and it would not. But I think it could be because I have my Home partition encrypted. Encryption is always going to need a login password.

So let me do some homework on that auto login issue. I am probably steering you wrong on that. For some reason I was thinking the text field behind the “username*” was what we needed.

Now as for the external USB keyboard. Mine would NOT let me hit Esc to wake it from full hibernation. For some reason it does see my laptop primary internal keyboard, but not the external USB when it is in this particular state. But I think on a desktop this should not be the case because it will have only one keyboard.

Digging... be back. :)


61 posted on 01/15/2020 10:57:37 AM PST by Openurmind (The ultimate test of a moral society is the kind of world it leaves to its children. ~ D. Bonhoeffer)
[ Post Reply | Private Reply | To 59 | View Replies]

To: daniel1212

Hey! you found it! Cool, now I want to check and see if it will let me do that even though my home partition is encrypted. :)


62 posted on 01/15/2020 11:01:07 AM PST by Openurmind (The ultimate test of a moral society is the kind of world it leaves to its children. ~ D. Bonhoeffer)
[ Post Reply | Private Reply | To 60 | View Replies]

To: Carpe Cerevisi
Holy smokes...in before someone tells me to get Linux!!

the best patch for Windows is Linux.

63 posted on 01/15/2020 11:02:30 AM PST by usconservative (When The Ballot Box No Longer Counts, The Ammunition Box Does. (What's In Your Ammo Box?))
[ Post Reply | Private Reply | To 8 | View Replies]

To: Openurmind
Hey! you found it! Cool, now I want to check and see if it will let me do that even though my home partition is encrypted. :)

No, I think that will prevent it, though it should not.

Try to improve the poorly organized and non-compact "Start" menu. Went to config but there are something the same items in triplicate, and in the wrong category, and nothing where there should be some (System tools).

I rearranged some things, and tried to reduce the icon size and spacing, but it is too spread out still. I would rather most everything visible without having to scroll much, as in you-what-what,

And find out how to make right click menus, like as pop up from the Task Bar, Desktop and the clock - not make a new panel that sticks to the side or stack. And be able to easily add icons for applications, copying and pasting (or sending) them from the Start menu. Speed.


64 posted on 01/15/2020 11:24:40 AM PST by daniel1212 ( Trust the risen Lord Jesus to save you as a damned and destitute sinner + be baptized + follow Him)
[ Post Reply | Private Reply | To 62 | View Replies]

To: daniel1212

It actually worked! Here is what I found with the screen saver lock setting from hibernate, I got lucky. It does work on mine and does bypass the login screen back to my existing session. But it still makes me login at boot up. This I am sure is because it is encrypted.

I always left mine on so it never went to suspend or hibernate. Very good to know! Thank you for finding and sharing that!

I was wondering, since you have more than one user on that machine the initial boot up login is actually needed for you anyhow? So that the option is up front at startup to log into different user sessions? At any rate I found how to also turn that off if you ever want to do it. It is a terminal configuration edit in lightdm.

https://unix.stackexchange.com/questions/381785/how-do-i-enable-auto-login-in-mint-18


65 posted on 01/15/2020 11:51:54 AM PST by Openurmind (The ultimate test of a moral society is the kind of world it leaves to its children. ~ D. Bonhoeffer)
[ Post Reply | Private Reply | To 64 | View Replies]

To: musicman

BFLR


66 posted on 01/15/2020 11:57:20 AM PST by musicman (The future is just a collection of successive nows.)
[ Post Reply | Private Reply | To 23 | View Replies]

To: daniel1212

OK, about customizing menus. I have never used it so I can’t help much with what all this does. But right click on the main menu and it should give you a configure option. In there appears to be what tools are available to customize these.


67 posted on 01/15/2020 11:58:49 AM PST by Openurmind (The ultimate test of a moral society is the kind of world it leaves to its children. ~ D. Bonhoeffer)
[ Post Reply | Private Reply | To 64 | View Replies]

To: daniel1212

https://blog.softhints.com/linux-mint-19-how-to-edit-main-menu/


68 posted on 01/15/2020 12:03:07 PM PST by Openurmind (The ultimate test of a moral society is the kind of world it leaves to its children. ~ D. Bonhoeffer)
[ Post Reply | Private Reply | To 64 | View Replies]

To: daniel1212

Looks like in there under menu/open menu editor it will let you add more menus. As for making them taller so that you can scroll less I am looking into that now.


69 posted on 01/15/2020 12:10:56 PM PST by Openurmind (The ultimate test of a moral society is the kind of world it leaves to its children. ~ D. Bonhoeffer)
[ Post Reply | Private Reply | To 64 | View Replies]

To: daniel1212

OK, here we go... You can change every little detail like a webscript by editing the cinnamon.css file. You will be at the very internal crankshaft and bearings with this.

system/usr/share/cinnamon/right click the “theme” folder and open as root. double click the “cinnamon.css” file and it will open into your text editor. I would take your time and read through the properties very well and make sure you are making the right changes to the right things. Because you will be rooted and in the china shop with these files that can break very easily, just one space in the wrong place will do it.

I am sure you are hip to this safe measure, but whenever I make changes like this on websites I always make physical notes of the line I am changing and copy the existing string EXACTLY how it is before I edit it, spaces and all characters have to be exact. That way if there are any issues I can go put it right back as it was and try again. :)

But here is where you can do ANYTHING you want to it. :)


70 posted on 01/15/2020 12:31:19 PM PST by Openurmind (The ultimate test of a moral society is the kind of world it leaves to its children. ~ D. Bonhoeffer)
[ Post Reply | Private Reply | To 64 | View Replies]

To: Openurmind
Yes, I am sure that can be carefully tweaked if or when I want to take more time on it. Same goes for the Settings windows. Yet the default Windows Start menu is worse. Thank God for open Shell.

I suppose with all the variants btwn distros and desktops then it prevents someone coming up with a simple Linux GUI such as the safe freeware Ultimate Windows Tweaker 4 for Windows 10 with its 200 available tweaks.

71 posted on 01/15/2020 1:04:23 PM PST by daniel1212 ( Trust the risen Lord Jesus to save you as a damned and destitute sinner + be baptized + follow Him)
[ Post Reply | Private Reply | To 70 | View Replies]

To: daniel1212

I found something interesting that would be cool. There was a guy who developed a fully customizable main menu, and it looks like it fit the bill well with cool customizable features, resizable and all. But when he released it in 2014 as an applet download from the cinnamon repository everyone in the cinnamon community gave him a hard time and I can’t find any current information about it. I don’t know if it is still available, or if it would even work with the newer cinnamon versions. But I am still digging for an addon utility that might work for you because I am interested too.

http://linuxbsdos.com/2014/12/02/configurable-menu-install-the-best-menu-for-linux-mint-1717-1-cinnamon/


72 posted on 01/15/2020 1:59:49 PM PST by Openurmind (The ultimate test of a moral society is the kind of world it leaves to its children. ~ D. Bonhoeffer)
[ Post Reply | Private Reply | To 71 | View Replies]

To: Openurmind
I found something interesting that would be cool. There was a guy who developed a fully customizable main menu, and it looks like it fit the bill well with cool customizable features, resizable and all. But when he released it in 2014 as an applet download from the cinnamon repository everyone in the cinnamon community gave him a hard time

Linux needs more coders who like more customization like he does. But as the popularity of the Google Chrome browser versus Firefox legacy examples, and its replacement with the basically "safe mode" Firefox Quantum, most are pretty much content with overall default software versus utility truck capability.

73 posted on 01/15/2020 5:20:27 PM PST by daniel1212 ( Trust the risen Lord Jesus to save you as a damned and destitute sinner + be baptized + follow Him)
[ Post Reply | Private Reply | To 72 | View Replies]

To: Openurmind

Thanks, I’m thinking of putting it beside Win 10 on my laptop for now because it is mainly a file backup machine and for the rare times I’m out of town for a few days.
My skills have become a bit rusty with time and I’m too lazy to really gear up so a ready-to-go package is what I want - last experiment was with Ubuntu some years ago and I still had to do some command line to get some apps to auto-start upon boot.


74 posted on 01/16/2020 1:05:43 AM PST by trebb (Don't howl about illegal leeches, or Trump in general, while not donating to FR - it's hypocritical.)
[ Post Reply | Private Reply | To 47 | View Replies]

To: daniel1212

“Linux needs more coders who like more customization like he does. But as the popularity of the Google Chrome browser versus Firefox legacy examples, and its replacement with the basically “safe mode” Firefox Quantum, most are pretty much content with overall default software versus utility truck capability.”

And that is why I push Linux, “Build it and they will come”. The more popular it becomes, the more demand there will be for coders to get off their butts and provide more apps and features. Unlike windows where you are stuck with whatever broken mouse trap they force you to use, the free market competitive community of Linux will create an environment where coders will always be competing to build a better mousetrap. But the antiquated stigmas need to be corrected, and mainstream popularity and demand needs to increase first.

And I think this is also the thought with why the proprietary software sources are allowing the free use of their products without any restrictions. They know that if it does indeed become more popular there will come the time when they can start cashing in on these products. So what we are getting and allowed to use now are basically “Free test samples” of their future final products they can indeed make some money from. And in turn they get a whole bunch of free BETA testers and critics to help their R&D. It is a win win for both user and providers. :)

On another note, I just keep getting surprised by little things this does on its own. Yesterday in playing around trying to customize menus and windows, I switched my window “borders” in themes to “Crux” to dress things up a bit. It looks kind of like a thin metallic toolbar across the top. But it has a fancy graphic in the left of the bar. This graphic is the ugly green, and I have all my icons and buttons blue. So I told myself that the two together were ugly and not going to work and planned on figuring out how to either change that green to match the blue, or get rid of it this morning.

So I boot up this morning and the reboot caused it to already change itself to the matching blue I needed. I keep running across little subtle things like this where the Linux coders really did care about small details like this where things tend to adapt and “fix themselves”. Many many times now I was like “wait... that would not work at all yesterday”, It is always trying to repair itself with almost AI tendencies. lol


75 posted on 01/16/2020 5:03:29 AM PST by Openurmind (The ultimate test of a moral society is the kind of world it leaves to its children. ~ D. Bonhoeffer)
[ Post Reply | Private Reply | To 73 | View Replies]

To: trebb

It is easy to make a USB stick or DVD to just temporarily boot into it and test drive it without actually making any changes to your machine yet, you can even get online with it running off the portable media. And if you do decide to go ahead and install it at some point, the installer program will ask and give you that option to load it alongside whatever you already have in there. In fact, you can load up as many as you like over each other.

I have two matching Mints loaded in mine so that if one ever fails for any reason, I can boot into the other and go fix it or retrieve files from the other. But in over two years now, the mint has not failed even once. It is as stable as a rock, and I haven’t even needed to upgrade the Kernel yet. It’s like the everready bunny... :)

Please PM me if you would like the links needed. While windows has the tool needed to make a DVD, there is a third party tool and details needed to make a USB stick rather than a DVD.


76 posted on 01/16/2020 5:34:52 AM PST by Openurmind (The ultimate test of a moral society is the kind of world it leaves to its children. ~ D. Bonhoeffer)
[ Post Reply | Private Reply | To 74 | View Replies]

To: Openurmind
Unlike windows where you are stuck with whatever broken mouse trap they force you to use, the free market competitive community of Linux will create an environment where coders will always be competing to build a better mousetrap.

You are not helping Linux by making false statements as here, for rather than being stuck with whatever MS provides, there is a wealth of safe freeware which provide for very substantial customization and tweaks (over 200 just by one) and expand and enhance functionality. Which in scope and depth Linux alternatives (which are often restricted to one class of Linux distros) fall short in (I can give examples).

Instead of always attacking Windows, Linux promoters need to just focus on what it does well, and not be reluctant to enable Linux to do what Windows does do well, natively and or thru 3rd party apps, which mimicking is how Linux has become a more attractive option to Windows, the use of GUI's being a major one.

One aspect of that was what I looked at today. In Mint, right clicking on a program icon like for LibreOffice Writer simply results in the options to Add to panel/desktop/favorites/ or uninstall, while in Windows (among other things, some of which I added, like Run as Administrator) this offers the option to not only go to the source but make a shortcut to launch the program right there, etc.


Likewise right clicking on My Computer/My PC icon in Windows enables you to quickly go to Manage, and with its options such as Disk Management. Meanwhile the right clicking on the equivalent icon (Computer) in Mint (if you can even find it) only offers Open, Compress and Properties which provides very little.


Of course, most Windows users do not know or use this, nor what info is provided by simply running msinfo32 or dxdiag in the Run command (nor how to quickly access it via Windows key and r key together). Or canonical names to options, which type of command execution and scripts is common in Linux.

But the antiquated stigmas need to be corrected, and mainstream popularity and demand needs to increase first.

Well, it's been about 30 years (from date of kernel). Diversity is good, and sometimes forks are needed, but focus on developing and improving one and one desktop has been what is needed. Ubuntu helped, then it went with Unity which I guess went bad, and then Mint, but now MX Linux is seeing almost twice the downloads as that. And then you have the desktop competition. And problems that Linux forums attest to, and many rude responses that seem to require one must hate Windows to use Linux, or be treated as stupid for not knowing what "Terminal" means.

And I think this is also the thought with why the proprietary software sources are allowing the free use of their products without any restrictions. They know that if it does indeed become more popular there will come the time when they can start cashing in on these products.

That may be assumed, yet there is not further development going on for some, yet it should be made clear. Thus I do not install them, although I cannot say every video I watched (even on GodTube) have been out of copyright.

I keep running across little subtle things like this where the Linux coders really did care about small details like this where things tend to adapt and “fix themselves”. Many many times now I was like “wait... that would not work at all yesterday”, It is always trying to repair itself with almost AI tendencies. lol

Not so sure about AI repair, versus a reboot being needed for all changes to take place. With Windows usually restarting explorer.exe accomplishes this.

77 posted on 01/16/2020 7:10:31 AM PST by daniel1212 ( Trust the risen Lord Jesus to save you as a damned and destitute sinner + be baptized + follow Him)
[ Post Reply | Private Reply | To 75 | View Replies]

To: daniel1212

Get up on the wrong side of the bed this morning? What I said is absolutely true for the 95% of average users who do not have your very unique “personal extreme demands and skills” to implement a hundred different 3rd party apps just to keep the constant garbage MS shoves at them without choice working, just to have an operating OS period.

Your perspective and view point in judgement is obviously rooted in self, mine is rooted in compassion for those basic users who are indeed being abused and stuck with the garbage MS throws at them without choice because they don’t have your skills to fix it all. These folks have no choice but to trust what they are served up “as is”, and “as is” from MS now absolutely sucks for the average basic user.

Those who just want to have a stable “basic” well working simple GUI OS and peace of mind without the constant heartache and need of repair. Put yourself in their shoes instead of your own for once, MS is just no longer that simple stable OS is it? And I don’t know if you realized this or not, but when win 7 is no longer usable, we are going to lose a LOT of folks off the net who will indeed refuse to use or try to maintain failed windows 10, they just don’t know how. These are the folks who NEED a viable, simple, easy to use, stable alternative.

Now do I have a hatred for a company who could absolutely care less about their own customer’s experience or satisfaction at all? Do I have a hatred for a company who would indeed break their own product on purpose? Absolutely! At some point even basic immorality can be applied to their arrogant abusive monopoly business model. Failed OS aside, how can even this business model alone be defended? It would be like defending the guy at the tire shop who came out and sliced all your remaining good tires to make sure you have to buy all four instead of just one, And then finding out they are the ONLY tire shop, and then thanking them for what a good job they did...


78 posted on 01/16/2020 8:43:13 AM PST by Openurmind (The ultimate test of a moral society is the kind of world it leaves to its children. ~ D. Bonhoeffer)
[ Post Reply | Private Reply | To 77 | View Replies]

To: daniel1212

Just trying to share that there is indeed a different tire shop they can go to that will not do this crap to them... :)


79 posted on 01/16/2020 1:57:09 PM PST by Openurmind (The ultimate test of a moral society is the kind of world it leaves to its children. ~ D. Bonhoeffer)
[ Post Reply | Private Reply | To 77 | View Replies]

To: Openurmind
What I said is absolutely true for the 95% of average users who do not have your very unique “personal extreme demands and skills” to implement a hundred different 3rd party apps just to keep the constant garbage MS shoves at them without choice working, just to have an operating OS period.

Rather, portraying Windows as "where you are stuck with whatever broken mouse trap they force you to use" is simply not accurate, as even without 3rd party apps that Windows excels with, it offers a good amount of GUI customization. And turning off things like telemetry is at least as easy to find out with Windows as it is with finding answers to the problems Linux forums abound with, relative to their minute desktop market share.

There is no "wrong side of the bed," but basically it is a reaction against lack of objectivity. Which you should not react so strongly against. Linux users should not have to promote their products by railing on Windows.

Your perspective and view point in judgement is obviously rooted in self, mine is rooted in compassion for those basic users who are indeed being abused and stuck with the garbage MS throws at them without choice because they don’t have your skills to fix it all.

No, it is you who shows a very one-sided view of the reality. Even 4 years ago the majority of Windows 10 users said they were happy with the OS, and in 2019, only about 2% of all desktop operating systems ran on Linux versus about 90% Windows.

You can blame it on whatever you want in order to justify your narrative of "basic users who are indeed being abused and stuck with the garbage MS throws at them without choice because they don’t have your skills to fix it all," as if Linux does not have any real learning curve. However, the reality is that if Windows was that bad and Linux that good then you would see far more adoption of the latter. Esp. since it is free and has many vocal advocates. The reason 96.3% of the world’s top 1 million servers run on Linux is because it is good for that limited service, besides being pros who use it.

And rather than being all for Windows and against Linux, as you are in the opposite direction, I am against the excessive hype for the Linux desktop (going on for years) versus Windows, I see Linux as having great potential, and my criticism should be considered helpful in that direction. Instead, it is too often like a sacred cow that no one dare point out shortcomings in.

These folks have no choice but to trust what they are served up “as is”, and “as is” from MS now absolutely sucks for the average basic user.

That is simply rank biased nonsense, Windows users have many choices, and as with Linux users with their many problems (again, look at the issues and views on forums), which "power user" me can well attest, they have a choice to seek help online. With more helpful forums I think.

Those who just want to have a stable “basic” well working simple GUI OS and peace of mind without the constant heartache and need of repair. Put yourself in their shoes instead of your own for once, MS is just no longer that simple stable OS is it?

More bias, while if MS used to be a simple stable OS then the Linux users who used to rail against it as you do against Windows 10 were wrong. I and multitude others have found Windows 10 to be very stable, unless perhaps you have outdated hardware and or "drive" to bad sites, etc. I do advise delaying updates for 35 days however, which I can easily do under the GUI. I have been using Windows from 3.1 to 10 Pro, and rarely have a system problem with Win/8-10, despite my heavy tweaking. But I usually had basic issues with Linux distros I really tried, although Knoppix did well for what I needed it for, and Puppy seemed the most enjoyable.

And I don’t know if you realized this or not, but when win 7 is no longer usable, we are going to lose a LOT of folks off the net who will indeed refuse to use or try to maintain failed windows 10, they just don’t know how. These are the folks who NEED a viable, simple, easy to use, stable alternative.

Which means that your criticism of Windows is only with 10, for rather than Windows users being a poor bunch of folks stuck with whatever MS gives them, Windows 7 users like what they have so much they want to keep running them despite lack of updates.

And no, I do not think they will get off the Internet. XP has more desktop users than Linux, and windows 10, is not failed, and if users don’t know how to get free help for issues with it then they should not try Linux. Look how many attempts I had to make just to install Mint with a working wireless on a PC with fairly new HW.

Now do I have a hatred for a company who could absolutely care less about their own customer’s experience or satisfaction at all? Do I have a hatred for a company who would indeed break their own product on purpose? Absolutely!... It would be like defending the guy at the tire shop who came out and sliced all your remaining good tires to make sure you have to buy all four instead of just one,

Rather than objectivity I see this as a result of unbalanced devotion to one product while subscribing to a conspiratorial nonsense against the competition. "Break their own product on purpose?"

Instead, why not allow that most are happy with Windows based on what they say, despite the bugs Windows users can experience (and balanced reviews of Linux continue to find many with the distros they find) and yet promote the positive aspects of Linux distros, at least your favorite.

Again, I see much potential with Linux, and the PC Mint is running on is serving well in the limited use it is for, on the same hardware Windows 10 ran very well on, despite and with its extensive customization.

If I could really do programming then I believe I could produce a very user-friendly well featured Linux distro with the extensive scope of easy customization I mention (too often).

But which I cannot, and with my stiff arthritic fingers about every third word has a missed key typo. So I hope to continue to learn and tweak a little here and there, and maybe buy multimedia codecs if needed to be legal.

I did not want to get you upset, and thanks again for the help and encouragement.

80 posted on 01/16/2020 7:07:16 PM PST by daniel1212 ( Trust the risen Lord Jesus to save you as a damned and destitute sinner + be baptized + follow Him)
[ Post Reply | Private Reply | To 78 | View Replies]

