On Tuesday, January 14, Microsoft released a patch for an extremely dangerous vulnerability in the cryptographic component of the kernel affecting all versions of Windows. According to the KrebsOnSecurity portal, the company has already sent patches to US defense companies and other critical customers and asked them to sign a non-disclosure agreement on vulnerability details.
“Those sources say Microsoft has quietly shipped a patch for the bug to branches of the U.S. military and to other high-value customers/targets that manage key Internet infrastructure, and that those organizations have been asked to sign agreements preventing them from disclosing details of the flaw prior to Jan. 14, the first Patch Tuesday of 2020,” reports Brian Krebs.
According to KrebsOnSecurity sources, the vulnerability is present in the Windows module called crypt32.dll, which is responsible for certificate and encrypted messaging functions in CryptoAPI. In turn, CryptoAPI provides services that enable developers to protect Windows applications with encryption, and includes tools for encrypting and decrypting data using digital certificates.
A critical vulnerability in this component can pose a security risk for a number of important Windows functions, including the authentication function on Windows PCs and servers, protection of confidential data processed by Microsoft Internet Explorer/Edge browsers, as well as for some third-party applications and tools.
A vulnerability in crypt32.dll can also be used to spoof the digital signature associated with a specific piece of software. Thus, an attacker has the opportunity to present malware as legitimate, as if it had been released and signed by a legitimate manufacturer.
Since the crypt32.dll component has been present on Windows for twenty years, the vulnerability affects all versions of the OS, starting with Windows NT 4.0 (including the no longer supported Windows XP).
“Through our Security Update Validation Program (SUVP), we release advance versions of our updates for the purpose of validation and interoperability testing in lab environments. Participants in this program are contractually disallowed from applying the fix to any system outside of this purpose and may not apply it to production infrastructure,” Microsoft said in a written statement.
However, Will Dormann, a security researcher who authors many of the vulnerability reports for the CERT Coordination Center (CERT-CC), tweeted today that “people should perhaps pay very close attention to installing tomorrow’s Microsoft Patch Tuesday updates in a timely manner. Even more so than others. I don’t know… just call it a hunch?”
Exploitation of vulnerabilities in Microsoft products by government hackers can have dire consequences in the context of increased tensions between the US and Iran. However, Korean hackers also have scores to settle with the company: Microsoft recently took control of 50 domains belonging to the Thallium group.