Critical Windows patch for cryptography library issued

TL;DR
Warning

Yesterday, Microsoft released a patch which fixes a critical spoofing vulnerability that exists in the Windows CryptoAPI library, CRYPT32.DLL. This flaw can facilitate remote code execution, man-in-the-middle, and other attacks through a wide variety of delivery methods, including browsers and emails. Encryption is not an effective defense in this case. Detection of an attack using this method is unlikely because the flaw allows forged traffic to appear to be legitimate. The official guidance is that the issue exists in all Windows 10 versions and all versions of Windows Server 2016 and Windows Server 2019; other sources have reported that all versions of Windows may be affected.

Full details of the vulnerability can be found on Microsoft’s Security Response Center website and an NSA briefing paper.

This has been reported in detail elsewhere, but it bears repeating: this is a vulnerability which is highly likely to be exploited sooner than later. Don’t wait.

Share:

More Posts

Database Design

5 Helpful Database Design Steps

While it might be tempting to try and keep your SQL database services in house, for many small businesses, outsourcing is the best option.

SQL Database FAQ

Frequently Asked Questions About SQL

While it might be tempting to try and keep your SQL database services in house, for many small businesses, outsourcing is the best option.

Send Us A Message

Schedule for High Priority Assistance