
Microsoft patches serious Windows vulnerability after NSA tip

The U.S. intelligence agency believes attackers will waste no time developing tools to exploit the vulnerability.

Microsoft has released a security patch to close a serious security hole in the Windows operating system. Cybercriminals could use the flaw to disguise malware as code from an authorized source.

The vulnerability addressed in this month’s Patch Tuesday rollout affects a critical cryptographic component of Windows 10, Windows Server 2019, and Windows Server 2016. The vulnerability was discovered by the U.S. National Security Agency (NSA). This is the first time the NSA has officially disclosed its discovery of a software vulnerability.

Indexed as CVE-2020-0601, the bug concerns the “Validation of certificates with elliptic curves (ECC) by the Windows CryptoAPI (Crypt32.dll)”, says Microsoft’s security advisory. The Crypt32.dll module is responsible for many certificate and cryptographic messaging functions in the CryptoAPI.

“An attacker could exploit the vulnerability by using a fake code signing certificate to identify a malicious program file. It would appear to be from a trustworthy, legitimate source,” said Microsoft.

In other words, cybercriminals could get their victims to install malware by disguising it, for example, as a legitimate software update (even one from Microsoft itself). The victims would not suspect anything at all.

“The user could not know that the file is harmful because the digital signature would appear to come from a trustworthy provider,” as the technology giant explained.

“A successful exploit could allow attackers to perform man-in-the-middle attacks and decrypt sensitive information. This is done by connecting the users to the affected software,” says Microsoft.

“Serious and widespread”

Hours before the official announcement, rumors arose that the upcoming Patch Tuesday rollout would not be an ordinary one. In fact, some people in the security community had been on tenterhooks after veteran security journalist Brian Krebs more than hinted at the magnitude of the problem:

“An extremely serious security vulnerability,” wrote Krebs when he described the bug on Monday night. The U.S. government and military, as well as several well-known companies, are said to have received the patch in advance.

The severity of the situation eventually triggered a wave of reports and warnings from the US authorities. These included an alert from the Cybersecurity and Infrastructure Security Agency (CISA), an emergency directive from the Department of Homeland Security (DHS), which called for accelerated patching for state institutions and federal agencies, and an advisory from the NSA itself.

“Serious and widespread consequences can be expected without a patch. Remote exploitation tools are likely to be developed quickly and made widely available. A quick installation of the patch would currently be the only possible limitation of damage and should be the primary focus for all network owners,” wrote the intelligence agency. Neither the NSA nor Microsoft is aware of the vulnerability currently being exploited.

Windows 7, which reached end of life on the same day, Windows 8, and other Windows systems are not affected by the vulnerability.

The Patch Tuesday bundle consists of fixes for a total of 49 vulnerabilities, which are listed in this table from the SANS Technology Institute. Two critical bugs in the Windows Remote Desktop Gateway (RD Gateway), CVE-2020-0609 and CVE-2020-0610, are particularly notable because they allow cybercriminals to run arbitrary code on the attacked system.



Tomáš Foltýn
