Microsoft and the NSA have confirmed the bug in Windows 10, which was described as severe. A fix is available through Windows Update now.
As expected, Microsoft has recognized a major flaw in Windows affecting the Windows 10 cryptographic library. Updates included in the January Patch Tuesday delivered yesterday correct this problem specific to Windows 10 and Windows Server.
The flaw, tracked as CVE-2020-0601, has been identified in the user-mode cryptographic library CRYPT32.DLL on Windows 10 systems. Contrary to earlier rumors, it does not affect Windows 7, whose support, ironically, also ended yesterday. Fortunately, Microsoft reported that the vulnerability was not being exploited. But now that it is public, an attacker could exploit it. Specifically, the attack could allow malware to use a spoofed cryptographic signature to enter a system: antivirus software could then identify such malware as a legitimate application, or a fake banking site could use the vulnerability to trick a user's computer into believing it is on the bank's legitimate site.
The NSA behind the discovery of the flaw
Microsoft has not cited the source behind the discovery of the vulnerability. According to the Washington Post, the exploit was developed by the US National Security Agency (NSA), which then reported it to Microsoft. The NSA took credit for the discovery in a security advisory released on Tuesday. According to Microsoft, the CVE-2020-0601 vulnerability only affects Windows 10. But the NSA believes it affects Windows Server 2016/2019 as well.
“Exploitation of the vulnerability allows attackers to prevent trusted network connections and deliver executable code masquerading as legitimate trusted entities,” the NSA said. “Trust validation can be impacted in HTTPS connections, for signed files and emails, and when signed executable code is launched in user mode.”
A patch to apply without delay
The NSA advises everyone to apply the patches Microsoft delivered yesterday as quickly as possible to avoid any risk to their PC. “The NSA rates the vulnerability as severe, and savvy cyber actors will quickly understand the underlying flaw. If it were exploited, the platforms concerned would be very vulnerable,” wrote the NSA.
“Failure to apply corrective measures exposes serious and widespread consequences. Remote operating tools will probably be available quickly and widely.” Users should make sure their Windows 10 PCs are up to date and allow Windows Update to install the patch as soon as it becomes available. Microsoft provides details on the January 2020 Windows security updates at this address: https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Jan.
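To turn the "make sure your PC is up to date" advice into something an administrator can actually check, here is an added PowerShell example (not part of the article, the NSA advisory or Microsoft's release notes). It reads the installed OS edition, compares it against the affected products the article names (Windows 10, Windows Server 2016/2019), and lists updates installed on or after the January 2020 Patch Tuesday (14 January 2020). The article does not give the KB number of the fix, so `$FixKb` is a placeholder to be replaced with the KB id for the host's build.

```powershell
# Added example, not from the article: report whether this host has received
# the January 2020 Patch Tuesday updates that carry the CVE-2020-0601 fix.
# Assumptions: affected-product list taken from the article; the fix's KB number
# is not on the page, so $FixKb is a placeholder to fill in per Windows build.

$PatchTuesday = Get-Date '2020-01-14'
$FixKb = 'KB-PLACEHOLDER'   # replace with the KB article id for your build

$os = Get-CimInstance -ClassName Win32_OperatingSystem
Write-Host "OS: $($os.Caption) (build $($os.BuildNumber))"

# Windows 7 is not affected per the article; Windows 10 and Server 2016/2019 are.
$affected = $os.Caption -match 'Windows 10|Windows Server 2016|Windows Server 2019'
if (-not $affected) {
    Write-Host "This OS is not listed as affected by CVE-2020-0601."
    return
}

# Hotfixes installed since the January 2020 Patch Tuesday.
$recent = Get-HotFix | Where-Object { $_.InstalledOn -ge $PatchTuesday }
$hasFix = $recent | Where-Object { $_.HotFixID -eq $FixKb }

if ($hasFix) {
    Write-Host "Fix $FixKb is installed (on $($hasFix.InstalledOn))."
} elseif ($recent) {
    Write-Host "Updates installed since $($PatchTuesday.ToShortDateString()):"
    $recent | Select-Object HotFixID, Description, InstalledOn | Format-Table -AutoSize
    Write-Host "Confirm one of these is the CVE-2020-0601 fix for this build."
} else {
    Write-Host "No updates installed since $($PatchTuesday.ToShortDateString()); run Windows Update."
}
```

Run it in an elevated PowerShell session on each Windows 10 or Windows Server host you manage; `Get-HotFix` only reports updates the OS has recorded as installed, so a host that downloaded but has not yet rebooted into the update will still show as missing it.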