CVE-2020-0611
published 2020-01-14CVE-2020-0611: A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote…
high7.5CVSS 3.1
AVNACHPRNUIRSUCHIHAH
A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'.
Affected
63 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10_version_1903_for_32-bit_systems | — | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
vulncheck7.5HIGH
Microsoft
Remote Desktop Client Remote Code Execution Vulnerability
vendor_msrc·2020-01-14·CVSS 7.5
CVE-2020-0611 [HIGH] Remote Desktop Client Remote Code Execution Vulnerability
Remote Desktop Client Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would need to have control of a server and then convince a user to connect to it. An attacker would have no way of forcing a user to connect to the malicious server, they would need to trick the user into connecting via social engineering, DNS poisoning or using a Man in the Middle (MITM) technique. An attacker
GHSA
GHSA-qh65-w426-vjrh: A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Clie
ghsa_unreviewed·2022-05-24
CVE-2020-0611 [MEDIUM] CWE-20 GHSA-qh65-w426-vjrh: A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Clie
A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'.
VulnCheck
Remote Desktop Client Remote Code Execution
vulncheck·2020·CVSS 7.5
CVE-2020-0611 [HIGH] Remote Desktop Client Remote Code Execution
Remote Desktop Client Remote Code Execution
A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'.
Affected: Microsoft Windows
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Known Ransomware Campaign Use: Known
Exploitation References: https://cisa.gov/news-events/cybersecurity-advisories/aa20-014a; https://www.niiconsulting.com/Security_Advisories/Security_Advisory_Digest_Feb_2020_Edition_1.pdf
No detection rules found.
No public exploits indexed.
Trendmicro
January Patch Tuesday: IE, RDP, Crypto Bugs Updates
blogs_trendmicro·2020-01-15·CVSS 9.8
[CRITICAL] January Patch Tuesday: IE, RDP, Crypto Bugs Updates
## January Patch Tuesday: IE, RDP, Crypto Bugs Updates
Microsoft released 49 patches in this cycle, eight of which are classifed Critical and the remaining 41 as Important. The fixes address a range of products, including RDP Gateway servers, Internet Explorer, CryptoAPI, Office, and OneDrive.
By: Trend Micro 2020/01/15 Read time: ( words)
Save to Folio
2020 starts off with a relatively heavy list of patches for Microsoft users. January is typically a light month for fixes, but Microsoft released patches for 49 vulnerabilities (eight of which are Critical and all the remaining classified as Important) in this cycle. None of these vulnerabilities are known to be under attack at this time.
The listed vulnerabilities covered a range of Microsoft products including Windows RDP Gateway ser
Trendmicro
January Patch Tuesday: IE, RDP, Crypto Bugs Updates
blogs_trendmicro·2020-01-15·CVSS 9.8
[CRITICAL] January Patch Tuesday: IE, RDP, Crypto Bugs Updates
## January Patch Tuesday: IE, RDP, Crypto Bugs Updates
Microsoft released 49 patches in this cycle, eight of which are classifed Critical and the remaining 41 as Important. The fixes address a range of products, including RDP Gateway servers, Internet Explorer, CryptoAPI, Office, and OneDrive.
By: Trend Micro Jan 15, 2020 Read time: ( words)
Save to Folio
2020 starts off with a relatively heavy list of patches for Microsoft users. January is typically a light month for fixes, but Microsoft released patches for 49 vulnerabilities (eight of which are Critical and all the remaining classified as Important) in this cycle. None of these vulnerabilities are known to be under attack at this time.
The listed vulnerabilities covered a range of Microsoft products including Windows RDP Gateway s
Trendmicro
January Patch Tuesday: IE, RDP, Crypto Bugs Updates
blogs_trendmicro·2020-01-15·CVSS 9.8
[CRITICAL] January Patch Tuesday: IE, RDP, Crypto Bugs Updates
# January Patch Tuesday: IE, RDP, Crypto Bugs Updates
Microsoft released 49 patches in this cycle, eight of which are classifed Critical and the remaining 41 as Important. The fixes address a range of products, including RDP Gateway servers, Internet Explorer, CryptoAPI, Office, and OneDrive.
By: Trend Micro
2020/01/15
Read time: ( words)
Save to Folio
2020 starts off with a relatively heavy list of patches for Microsoft users. January is typically a light month for fixes, but Microsoft released patches for 49 vulnerabilities (eight of which are Critical and all the remaining classified as Important) in this cycle. None of these vulnerabilities are known to be under attack at this time.
The listed vulnerabilities covered a range of Microsoft products including Windows RDP Gateway ser
Talos
Microsoft Patch Tuesday — Jan. 2020: Vulnerability disclosures and Snort coverage
blogs_talos·2020-01-14·CVSS 8.1
CVE-2020-0601 [HIGH] Microsoft Patch Tuesday — Jan. 2020: Vulnerability disclosures and Snort coverage
## Microsoft Patch Tuesday — Jan. 2020: Vulnerability disclosures and Snort coverage
By Jon Munshaw. Updated January 15th: Added an Advanced Custom Detection (ACD) signature for AMP that can be used to detect exploitation of CVE-2020-0601 by spoofing certificates masquerading as a Microsoft ECC Code Signing Certificate Authority.
Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 49 vulnerabilities, eight of which are considered critical.
This month's security update is particularly important for its disclosure of two vulnerabilities related to a core cryptographic component in all versions of Windows. CVE-2020-0601 could allow an attacker to use cryptography
Zscaler
Critical Windows Update-CryptoAPI Spoofing | Blog
blogs_zscaler·2020-01-14
Critical Windows Update-CryptoAPI Spoofing | Blog
Provide users with seamless, secure, reliable access to applications and data.
Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud.
Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems.
Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners.
Industry Report
Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE)
USE CASES
INDUSTRY & MARKET SOLUTIONS
PARTNERS
TECHNOLOGY PARTNERS
Resource Center
Events & Trainings
Security Research & Services
Tools
Community & Support
CXO REVOLUTIONARIES
Amplifying the voices of real-world digital and zero trust pioneers
Discover how it began and where it’s going
Meet o
Tenable
Microsoft’s January 2020 Patch Tuesday Kicks Off the New Year with 49 New CVEs
blogs_tenable·2020-01-14
Microsoft’s January 2020 Patch Tuesday Kicks Off the New Year with 49 New CVEs
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Talos
Microsoft Patch Tuesday — Jan. 2020: Vulnerability disclosures and Snort coverage
blogs_talos·2020-01-14·CVSS 8.1
CVE-2020-0601 [HIGH] Microsoft Patch Tuesday — Jan. 2020: Vulnerability disclosures and Snort coverage
By Jon Munshaw.
Updated January 15th: Added an Advanced Custom Detection (ACD) signature for AMP that can be used to detect exploitation of CVE-2020-0601 by spoofing certificates masquerading as a Microsoft ECC Code Signing Certificate Authority.
Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 49 vulnerabilities, eight of which are considered critical.
This month's security update is particularly important for its disclosure of two vulnerabilities related to a core cryptographic component in all versions of Windows. CVE-2020-0601 could allow an attacker to use cryptography to sign a malicious executable, making the file appear as if it was from a trusted sou
Qualys
January 2020 Patch Tuesday – 50 Vulns, 8 Critical, Adobe Vulns | Qualys
blogs_qualys·2020-01-14·CVSS 8.1
CVE-2020-0601 [HIGH] January 2020 Patch Tuesday – 50 Vulns, 8 Critical, Adobe Vulns | Qualys
This month’s Microsoft Patch Tuesday addresses 50 vulnerabilities with only 8 of them labeled as Critical. Of the 8 Critical vulns, one is for browser and scripting engines, 3 are for .NET Framework and one for ASP.NET. In addition, Microsoft has patched 3 critical RCEs in Remote Desktop Gateway and Remote Desktop Client. Adobe issued patches today for Illustrator CC and Experience Manager.
### CryptoAPI Spoofing
A spoofing vulnerability (CVE-2020-0601) has been patched in Windows CryptoAPI (Crypt32.dll). An attacker can perform man-in-the-middle attacks and decrypt confidential information on user connections to the affected software by using a spoofed code-signing certificate. Although Microsoft rated this as Important, NSA privately disclosed this vulnerability to Microsoft and should
Qualys
January 2020 Patch Tuesday – 50 Vulns, 8 Critical, Adobe Vulns
blogs_qualys·2020-01-14·CVSS 8.1
CVE-2020-0601 [HIGH] January 2020 Patch Tuesday – 50 Vulns, 8 Critical, Adobe Vulns
This month’s Microsoft Patch Tuesday addresses 50 vulnerabilities with only 8 of them labeled as Critical. Of the 8 Critical vulns, one is for browser and scripting engines, 3 are for .NET Framework and one for ASP.NET. In addition, Microsoft has patched 3 critical RCEs in Remote Desktop Gateway and Remote Desktop Client. Adobe issued patches today for Illustrator CC and Experience Manager.
## CryptoAPI Spoofing
A spoofing vulnerability ( CVE-2020-0601 ) has been patched in Windows CryptoAPI (Crypt32.dll). An attacker can perform man-in-the-middle attacks and decrypt confidential information on user connections to the affected software by using a spoofed code-signing certificate. Although Microsoft rated this as Important, NSA privately disclosed this vulnerability to Microsoft and shoul
Crowdstrike
Vulnerability Roundup: 10 Critical CVEs of 2020
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] Vulnerability Roundup: 10 Critical CVEs of 2020
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem Mar 25, 2026
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem Mar 25, 2026
Video Highlights the 4 Key Steps to Successful Incident Response Dec 02, 2019
Helping Non-Security Stakeholders Understand ATT&CK in 10 Minutes or Less [VI
2020-01-14
Published