Private Sector Update

Created and distributed by the U.S. Department of Homeland Security Private Sector Office private.sector@dhs.gov | 202-282-8484

CISA Releases Emergency Directive and Activity Alert on Critical Microsoft Vulnerabilities

01/14/2020 02:08 PM EST

Original release date: January 14, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) has released an Emergency Directive and Activity Alert addressing critical vulnerabilities affecting Windows CryptoAPI and Windows Remote Desktop Protocol (RDP) server and client. A remote attacker could exploit these vulnerabilities to decrypt, modify, or inject data on user connections.

Although Emergency Directive 20-02 applies only to certain Executive Branch departments and agencies, CISA strongly recommends state and local governments, the private sector, and others also patch these critical vulnerabilities as soon as possible. Review the following resources for more information:

This product is provided subject to this Notification and this Privacy & Use policy.

Update your subscriptions, modify your password or e-mail address, or stop subscriptions at any time on your Subscriber Preferences Page. You will need to use your e-mail address to log in. If you have questions or problems with the subscription service, please contact subscriberhelp.govdelivery.com.

This service is provided to you at no charge by the U.S. Department of Homeland Security.

Privacy Policy | GovDelivery is providing this information on behalf of U.S. Department of Homeland Security, and may not use the information for any other purposes.

U.S. Department of Homeland Security · www.dhs.gov · 202-282-8000

The IT Guys Support Blog

CISA Releases Emergency Directive and Activity Alert on Critical Microsoft Vulnerabilities

Private Sector Update

Our Facilities

Administrivia

Helpdesk Access

Click the shamrock to email us!

The Home Computer