Microsoft has released a patch to resolve a critical vulnerability in all versions of Windows 10, Windows Server 2016 and 2019. The vulnerability is in the Microsoft CryptoAPI, which provides services that enable developers to secure Windows-based applications using cryptography, and includes functionality for encrypting and decrypting data using digital certificates.
According to Microsoft’s advisory, “An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider.
A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software.”
According to the cyber security website Krebs on Security, “A critical vulnerability in this Windows component could have wide-ranging security implications for a number of important Windows functions, including authentication on Windows desktops and servers, the protection of sensitive data handled by Microsoft’s Internet Explorer/Edge browsers, as well as a number of third-party applications and tools.
Equally concerning, a flaw in crypt32.dll might also be abused to spoof the digital signature tied to a specific piece of software. Such a weakness could be exploited by attackers to make malware appear to be a benign program that was produced and signed by a legitimate software company.”
What should I do next?
- If you have not already done so, or your computer is not set up for automatic updates, download the patch and apply it on all computers and servers that require it.
- Turn on automatic updates for Windows 10.
  - Step 1: Open Windows Update Settings. Using the Windows 10 search bar in the bottom left, search for “Windows Update Settings” and select the system settings link that appears.
  - Step 2: Select Automatic Updates. Once in Windows Update Settings, select “Advanced Options”. Ensure that Automatic is selected in the drop-down.
If you have any questions on how this vulnerability affects your organization, send us a note at [email protected] and the team will be happy to assist.