**This NACD Regulatory Alert is published with permission from the National Association of Chemical Distributors**
The U.S. Department of Homeland Security (DHS) has issued an urgent alert about recently discovered vulnerabilities in Microsoft Windows. Microsoft has released a patch for these vulnerabilities. DHS urges all entities that use these Windows platforms to install the patches immediately.
The first vulnerability, CrytoAPI spoofing, impacts Windows 10 and allows malicious actors to spoof the certificate/trust system, enabling unwanted or malicious software to masquerade as authentically signed by a trusted or trustworthy organization.
The other, Multiple Windows Remote Desktop Protocol (RDP) vulnerabilities, impacts the Windows Remote Desktop client and RDP Gateway Server and allows for remote code execution, where arbitrary code could be run freely. The server vulnerabilities do not require authentication or user interaction and can be exploited by a specially crafted request. The client vulnerability can be exploited by convincing a user to connect to a malicious server.
You can find additional details here - https://www.us-cert.gov/ncas/alerts/aa20-014a.
Datacor has updated our hosted servers. We recommend non-hosted customers update their servers and computers as soon as possible.
Thank you to the NACD for keeping the industry updated on these important security concerns!
