CISA Releases Emergency Directive and Activity Alert on Critical Microsoft Vulnerabilities

["US-CERT" <US-CERT () ncas us-cert gov>]

Cybersecurity and Infrastructure Security Agency Logo

National Cyber Awareness System:



CISA Releases Emergency Directive and Activity Alert on Critical Microsoft Vulnerabilities [ 
https://www.us-cert.gov/ncas/current-activity/2020/01/14/cisa-releases-emergency-directive-and-activity-alert-critical 
] 01/14/2020 02:08 PM EST 
Original release date: January 14, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) has released an Emergency Directive and Activity Alert 
addressing critical vulnerabilities affecting Windows CryptoAPI and Windows Remote Desktop Protocol (RDP) server and 
client. A remote attacker could exploit these vulnerabilities to decrypt, modify, or inject data on user connections.

Although Emergency Directive 20-02 applies only to certain Executive Branch departments and agencies, CISA strongly 
recommends state and local governments, the private sector, and others also patch these critical vulnerabilities as 
soon as possible. Review the following resources for more information:


  * Activity Alert AA20-014A: Critical Vulnerabilities in Microsoft Windows Operating Systems [ 
https://www.us-cert.gov/ncas/alerts/aa20-014a ] 
  * Emergency Directive 20-02: Mitigate Windows Vulnerabilities from January 2020 Patch Tuesday [ 
https://cyber.dhs.gov/ed/20-02/ ] 
  * CISA Blog: Windows Vulnerabilities That Require Immediate Attention [ 
https://www.cisa.gov/blog/2020/01/14/windows-vulnerabilities-require-immediate-attention ] 
  * National Security Agency Cybersecurity Advisory [ 
https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF ] 

This product is provided subject to this Notification [ https://www.us-cert.gov/privacy/notification ] and this Privacy 
& Use [ https://www.dhs.gov/privacy-policy ] policy.

body { font-size: 1em; font-family: Arial, Verdana, sans-serif; font-weight: normal; font-style: normal; color: 
#333333; } ________________________________________________________________________

A copy of this publication is available at www.us-cert.gov [ https://www.us-cert.gov ]. If you need help or have 
questions, please send an email to info () us-cert gov. Do not reply to this message since this email was sent from a 
notification-only address that is not monitored. To ensure you receive future US-CERT products, please add US-CERT () 
ncas us-cert gov to your address book. 

OTHER RESOURCES: Contact Us [ http://www.us-cert.gov/contact-us/ ] | Security Publications [ 
http://www.us-cert.gov/security-publications ] | Alerts and Tips [ http://www.us-cert.gov/ncas ] | Related Resources [ 
http://www.us-cert.gov/related-resources ]  

STAY CONNECTED: Sign up for email updates [ http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new ]