Welcome to this January Patch Tuesday Bulletin, the first for 2020! This month we have 50 unique CVE’s, 5 technologies with critical updates, and no publicly disclosed or exploited vulnerabilities. While there were no known attacks in the wild it is important to pay attention to CVE-2020-0601. This vulnerability could allow an attacker to sign malicious executables using a spoofed code-signing certificate. Microsoft also acknowledged the National Security Agency for finding this vulnerability. Make sure that .NET, .NET Core, and ASP.NET vulnerabilities are updated since they are all rated critical. Follow up with Internet Explorer and then the technologies rated important. Microsoft also notes that support Windows 7, Server 2008, and Server 2008 R2 will end Jan 14.

Over the years we've had millions of visitors to UltimateWindowsSecurity.com. Every month we have thousands and thousands of visitors to our Security Log Encyclopedia which documents all of the Security Log event ID’s for Windows Server OS’s. Back in 2007 when SharePoint added auditing capability, I realized that my audience not only needed the event information from SharePoint but I also found a similar need in SQL Server and Exchange. So not only did I document the data but I also started to develop the means to extract that event data from these applications so that it’s accessible and useable to the end user. Some 8 years later and LOGbinder is continuing to grow as companies realize LOGbinder bridges the gap between these applications and their infosec team. Visit LOGbinder.com to download a free 30-day fully functional trial and see the security event data that you have literally been missing.

So, without further ado, here’s the chart of MS patches this month.