ADP Vulnerability Statement – CVE-2020 – 0601, 0609, 0610, 0611

January 28, 2020

ADP has learned of the following vulnerabilities that can disrupt affected systems through unauthorized intrusion:

• CVE-2020-0601 - Microsoft CryptoAPI Spoofing Vulnerability
• CVE-2020-0609 & CVE-2020-0610 - Windows RDP Remote Code Execution Vulnerabilities
• CVE-2020-0611 - Windows Remote Desktop Client - Remote Code Execution Vulnerability

At this time, ADP has determined that none of its internal systems have been compromised by these attacks, and no intrusion has occurred. ADP’s layered defense includes technologies and controls to identify and/or prevent these types of threats, including assessing vulnerabilities and applying appropriate protection and detection control updates.

ADP’s Global Security Organization continues to actively monitor this situation as it does with all reported vulnerabilities. Clients are encouraged to visit ADP’s website at www.adp.com/trust to learn more about how ADP protects data, and how clients can help protect themselves.

Protecting our clients and their data from malicious activity is a top priority for ADP.