Microsoft has released a software update to fix an extraordinarily serious security vulnerability in a core cryptographic component present in all versions of Windows. Sources say Microsoft has quietly shipped a patch for the bug to branches of the U.S. military and to other high-value customers/targets that manage key Internet infrastructure, and that those organisations have been asked to sign agreements preventing them from disclosing details of the flaw prior to the first Patch Tuesday of 2020, which took place yesterday.
According to sources, the vulnerability in question resides in a Windows component known as crypt32.dll, a Windows module that Microsoft says handles “certificate and cryptographic messaging functions in the CryptoAPI.” The Microsoft CryptoAPI provides services that enable developers to secure Windows-based applications using cryptography, and includes functionality for encrypting and decrypting data using digital certificates.
A critical vulnerability in this Windows component could have wide-ranging security implications for a number of important Windows functions, including authentication on Windows desktops and servers, the protection of sensitive data handled by Microsoft’s Internet Explorer/Edge browsers, as well as a number of third-party applications and tools.
Experts Comments
@Kevin Bocek, VP Security Strategy & Threat Intelligence, provides expert commentary at @Information Security Buzz.
"These vulnerabilities should remind us about the blind trust we have in cryptography and machine identities. ..."
https://informationsecuritybuzz.com/expert-comments/major-flaw-in-windows-10-discovered-by-the-nsa-experts-reactions
@Jonathan Knudsen, Senior Security Strategist, provides expert commentary at @Information Security Buzz.
"The seriousness of this vulnerability demonstrates the importance of updating. ..."
@Tim Mackey, Principal Security Strategist, Synopsys CyRC (Cybersecurity Research Center), provides expert commentary at @Information Security Buzz.
"Exploitation of this vulnerability will allow an attacker to bypass the trust of all network connections on Windows 10...."
@Amit Yoran, Chairman and CEO, provides expert commentary at @Information Security Buzz.
"None of these questions change what organisations need to do at this point to protect themselves...."
@Boris Cipot, Senior Sales Engineer, provides expert commentary at @Information Security Buzz.
"Importantly, users are also urged not to trust websites or emails with links that offer patches for the crypt32.dll. ..."
@Ambuj Kumar, CEO, provides expert commentary at @Information Security Buzz.
"Elliptic curves have had a bad reputation. ..."
@Saryu Nayyar, CEO, provides expert commentary at @Information Security Buzz.
"These sorts of vulnerabilities are also most likely to be exploited by advanced cyber criminals and nation-state attackers...."
@Chris Hodson, CISO, provides expert commentary at @Information Security Buzz.
"As we have learnt from attacks like WannaCry, the failure to patch known vulnerabilities can be devastating...."
@Stuart Reed, UK Director, provides expert commentary at @Information Security Buzz.
"Actively ensuring the patch is deployed or monitoring the network more broadly...."
@Renaud Deraison, Co-founder and CTO, provides expert commentary at @Information Security Buzz.
"CVE-2020-0601 hits at the very trust we have in today's digital computing environments...."
@Pratik Savla, Senior Security Engineer, provides expert commentary at @Information Security Buzz.
"Digital signature is one of the most important mechanisms Microsoft provides...."
@Max Vetter, Chief Cyber Officer, provides expert commentary at @Information Security Buzz.
"Human capability in cyber security is such a valuable resource...."
@Wicus Ross, Senior Researcher, provides expert commentary at @Information Security Buzz.
"Microsoft has also released patches in response to two other vulnerabilities regarding the Remote Desktop Gateway. ..."