Microsoft issues fix for critical Windows flaw disclosed by the NSA
1Reported today on TechSpot
For the full article visit: https://www.techspot.com/news/83551-microsoft-issues-fix-critical-windows-flaw-disclosed-nsa.html
Microsoft issues fix for critical Windows flaw disclosed by the NSA
Sometimes help comes from unexpected places
What just happened? Few things are more terrifying than receiving a warning from the National Security Agency (NSA), and that's exactly what happened to Microsoft yesterday. The intelligence organization discovered a severe flaw in Windows, and instead of harnessing that knowledge to further their own goals, the NSA's programmers disclosed it directly to Microsoft.
According to security news site KrebsonSecurity, the flaw in question resides in crypt32.dll, a Windows module that handles "certificate and cryptographic messaging functions in the CryptoAPI."
Krebs says CryptoAPI allows developers to "secure Windows-based applications using cryptography," among other things. If compromised, crypt32.dll could allow bad actors to spoof digital signatures on malware, making viruses appear legitimate while hiding far nastier surprises inside.
The site also says a vulnerability in this component may negatively impact the security of various Windows 10 features, including (but not limited to) "authentication on Windows desktops and servers," and the protection of sensitive data sent over the web via Microsoft Edge and Internet Explorer.
I get the impression that people should perhaps pay very close attention to installing tomorrow's Microsoft Patch Tuesday updates in a timely manner. Even more so than others.
I don't know... just call it a hunch?
¯\_(ツ)_/¯
- Will Dormann (@wdormann) January 13, 2020
Though Krebs speculates that "all versions of Windows" are likely to have been affected by this vulnerability (crypt32.dll has been in use since the early days of Windows), the NSA has so far only con