The Datacor Blog

DHS Issues Alert on Major Windows Vulnerability

January 16, 2020 by Caitlin O'Donnell

**This NACD Regulatory Alert is published with permission from the National Association of Chemical  Distributors**

The U.S. Department of Homeland Security (DHS) has issued an urgent alert about recently discovered vulnerabilities in Microsoft Windows. Microsoft has released a patch for these vulnerabilities. DHS urges all entities that use these Windows platforms to install the patches immediately.

The first vulnerability, CrytoAPI spoofing, impacts Windows 10 and allows malicious actors to spoof the certificate/trust system, enabling unwanted or malicious software to masquerade as authentically signed by a trusted or trustworthy organization.

The other, Multiple Windows Remote Desktop Protocol (RDP) vulnerabilities, impacts the Windows Remote Desktop client and RDP Gateway Server and allows for remote code execution, where arbitrary code could be run freely. The server vulnerabilities do not require authentication or user interaction and can be exploited by a specially crafted request. The client vulnerability can be exploited by convincing a user to connect to a malicious server.

You can find additional details here - https://www.us-cert.gov/ncas/alerts/aa20-014a.

Datacor has updated our hosted servers. We recommend non-hosted customers update their servers and computers as soon as possible. 

Thank you to the NACD for keeping the industry updated on these important security concerns!

Topics: Datacor News, Cybersecurity


Caitlin O'Donnell

Written by Caitlin O'Donnell

Schedule a Free Consultation

Datacor offers products and services designed specifically for process manufacturers and chemical distributors. Contact us to learn more about our products and services. Call us now at (973) 822-1551 or fill out the form to the right.