2 min read

Microsoft Patch Tuesday busts "NSACrypt" vulnerability in Windows OS

Alina BÎZGĂ

January 16, 2020

Microsoft Patch Tuesday busts "NSACrypt" vulnerability in Windows OS

The Cybersecurity Advisory of the National Security Agency (NSA) has recently uncovered a critical Windows CryptoAPI Spoofing Vulnerability in Windows 10 operating systems.

Dubbed NSACrypt, the security flaw found in the Crypt32.dll module enables remote code execution and affects the way Windows verifies cryptographic trust.

According to the NSA report, the vulnerability, tracked as CVE-2020-0601, extends to all Windows 10, Windows Server 2016/2019 and applications that rely on Windows for trust functionality.

Signed files and emails, HTTPS connections and signed executable code launched as user-mode processes are some examples where the validation process may be exploited by an attacker.

In a successful attack, “the user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider,” said the report.

How can users and business protect their systems? As there is no workaround for this type of vulnerability, the “NSA recommends installing all January 2020 Patch Tuesday patches as soon as possible.” If automated patching is not possible for enterprises, they should at least “prioritize patching endpoints that provide essential or broadly replied-upon services” such as endpoints directly exposed to the Internet or used by privileged users.

Mechele Gruhn, the head Security Program Manager from Microsoft also confirmed the security flaw in separate blog post on Jan. 14.

“This month we addressed the vulnerability CVE-2020-0601 in the usermode cryptographic library, CRYPT32.DLL, that affects Windows 10 systems,” said Gruhn. “This vulnerability is classed Important and we have not seen it used in active attacks.”

Eight of the 49 vulnerabilities patched in the January 2020 Patch Tuesday released by Microsoft are flagged critical.

Worthy mentions in this month”s batch of security updates are also CVE-2020-0609 and CVE-2020-0610, two remote execution bugs found in the RDP Gateway services that require no user interactions to be exploited by unauthorized parties.

Although the no exploitation of the vulnerabilities has been reported in the whild, it”s better to be safe than sorry, and downloading the latest Windows update is highly recommended.

tags


Author



Right now

Top posts

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read
The Top Five Security Risks Smartphone Users Face Today

The Top Five Security Risks Smartphone Users Face Today

July 02, 2021

4 min read
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

July 02, 2021

3 min read
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

June 30, 2021

2 min read
Mobile security threats: reality or myth?

Mobile security threats: reality or myth?

June 13, 2021

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Fraud Family cybercrime ring under the spotlight as arrests made in the Netherlands Fraud Family cybercrime ring under the spotlight as arrests made in the Netherlands
Graham CLULEY

July 23, 2021

3 min read
Homoglyph domains used in BEC scams shut down by Microsoft Homoglyph domains used in BEC scams shut down by Microsoft
Graham CLULEY

July 22, 2021

3 min read
China Sets Up New Worrying Vulnerability Disclosure Rules China Sets Up New Worrying Vulnerability Disclosure Rules
Silviu STAHIE

July 20, 2021

1 min read