Microsoft has released a software update to fix an extraordinarily serious security vulnerability in a core cryptographic component present in all versions of Windows. Sources say Microsoft quietly shipped a patch for the bug to branches of the U.S. military and to other high-value customers/targets that manage key Internet infrastructure, and that those organisations were asked to sign agreements preventing them from disclosing details of the flaw prior to the first Patch Tuesday of 2020, which took place yesterday.
According to sources, the vulnerability in question resides in a Windows component known as crypt32.dll, a Windows module that Microsoft says handles “certificate and cryptographic messaging functions in the CryptoAPI.” The Microsoft CryptoAPI provides services that enable developers to secure Windows-based applications using cryptography, and includes functionality for encrypting and decrypting data using digital certificates.
A critical vulnerability in this Windows component could have wide-ranging security implications for a number of important Windows functions, including authentication on Windows desktops and servers, the protection of sensitive data handled by Microsoft’s Internet Explorer/Edge browsers, as well as a number of third-party applications and tools.
Experts Comments
@Wicus Ross, Senior Researcher, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"Microsoft has also released patches in response to two other vulnerabilities regarding the Remote Desktop Gateway. ..."