Some sites interested in programming and the Internet have warned of a software vulnerability that may pose a threat to devices connected to the Internet and operating Windows systems.
According to the available information, experts at the information security company “Akamai” warned of a serious software vulnerability that could be exploited to penetrate “Windows” systems in a report They posted it on their security updates site.
Experts pointed out that the vulnerability that bore the code “CVE-2022-34689” was discovered last year, and Microsoft corrected it with the launch of security updates for “Windows” systems, but many users of those systems did not update the operating versions in their devices, so it is still present. The risk of exploiting this vulnerability to penetrate systems.
According to experts, the aforementioned vulnerability impersonates the encrypted application programming interface of the “Windows CryptoAPI” services, which provides developers with securing their applications in “Windows” systems.
Misuse of this vulnerability would enable hackers to “plant” malicious applications that could potentially be exploited in “ransomware attacks”, knowing that one of the roles of “Crypto API” is to verify the validity of digital certificates, and the Akamai report says that the vulnerability exists. in this job.
To validate the certificate, the Crypto API service first checks whether the certificate is already in the cache of the application to be verified. If so, the Crypto API treats the received certificate as verified.
For their part, Microsoft specialists indicated that the severity of the aforementioned vulnerability was assessed at 7.5 out of 10, and that the company had launched a security update to address it last October.
According to the report, a lot of code that uses the “Crypto API” may be exposed to this vulnerability, which may require patches even for suspended versions of “Windows”, such as “Windows 7” (Windows 7).
However, this is not quite as scary as it seems at first glance, as there are a limited number of vulnerable applications and Windows components that are easy catches for this vulnerability.
Research on the vulnerability is still ongoing, and this means that you should update your systems, because vulnerabilities like this will keep coming back and haunting us if not handled properly.
