Critical Windows patch for cryptography library issued

Yesterday, Microsoft released a patch which fixes a critical spoofing vulnerability that exists in the Windows CryptoAPI library, CRYPT32.DLL. This flaw can facilitate remote code execution, man-in-the-middle, and other attacks through a wide variety of delivery methods, including browsers and emails. Encryption is not an effective defense in this case. Detection of an attack using this method is unlikely because the flaw allows forged traffic to appear to be legitimate. The official guidance is that the issue exists in all Windows 10 versions and all versions of Windows Server 2016 and Windows Server 2019; other sources have reported that all versions of Windows may be affected.

Full details of the vulnerability can be found on Microsoft’s Security Response Center website and an NSA briefing paper.

This has been reported in detail elsewhere, but it bears repeating: this is a vulnerability which is highly likely to be exploited sooner than later. Don’t wait.


More Posts

Facebook Owes You Money!

Facebook is being forced to pay a whopping $725 million in a settlement following a number of lawsuits claiming they violated users’ privacy and shared their data without their knowledge or consent. See the details and how you can claim your money.

5 Habits Your Employees Must Stop!

Today, antivirus alone cannot and will not protect you, especially when you download an infected file that is designed to circumvent your security protocols. Here are 5 things you need to STOP doing now to ensure you don’t get hacked.

Send Us A Message

Schedule for High Priority Assistance