22 January 2020

Patch and protect against the Windows cryptographic vulnerability with Microsoft Defender ATP

  • Cyber security
  • Windows 10
Paul Rouse

Microsoft has released an important patch as part of this month's updates and has added detections to Microsoft Defender ATP for attempts to exploit the flaw.

January 2020's security update release for Windows 10 and Windows Server 2016/2019 contains an important fix for what the NSA describes as "a broad cryptographic vulnerability" in the Windows operating system.

This warrants attention: the vulnerability is severe enough that the United States National Security Agency (NSA) has issued a Cybersecurity Advisory, and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) has issued an Emergency Directive (ED 20-02), both directing organisations to patch this flaw as soon as possible.


What is the Windows CryptoAPI vulnerability?

The vulnerability, CVE-2020-0601, was reported to Microsoft by the NSA and affects the Windows CryptoAPI (crypt32.dll), the core operating system component that handles certificate validation and other cryptographic operations.

The flaw lies in the way CryptoAPI validated Elliptic Curve Cryptography (ECC) certificates. A certificate can carry explicit curve parameters rather than naming a standard curve, and CryptoAPI matched such a certificate against a trusted root by comparing the public key without checking that the supplied parameters, in particular the generator point, were the standard ones. An attacker can therefore build a certificate whose public key is identical to a trusted root's, but whose corresponding private key they control, by pairing a private key of their own choosing with a custom generator.

Why is this important?

Windows relies on code-signing certificates that chain to a trusted root certificate to decide whether an application, driver or installer should be trusted and allowed to run.

Because a certificate crafted this way appears to chain to a trusted root, the attacker does not need to compromise that root at all: malicious software carrying a spoofed code-signing certificate can be run on an endpoint, bypassing the certificate-trust protections built into the operating system.

Successful exploitation also lets an attacker spoof TLS server certificates, enabling man-in-the-middle attacks against HTTPS connections made by affected software (such as browsers and other applications that validate certificates through CryptoAPI) and the decryption of confidential information sent over those connections.

The NSA have deemed this vulnerability to be so serious, they provided advance notice of the issue to critical infrastructure providers within the United States prior to the patch being released.
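To make the two points above concrete, here is an added, constructed illustration of the key-substitution trick on the NIST P-256 curve, using toy affine-coordinate arithmetic with the standard curve constants. It is not code from the original post or from Microsoft. It shows that a verifier which compares only the public key point with a cached trusted root (the flawed behaviour) accepts the attacker's certificate while one that also compares the curve parameters rejects it, and that an ECDSA signature made with the attacker's private key verifies under the certificate's own generator but not under the real one. The root CA private key, the attacker key, the message digest and the nonce are all constructed values; the code needs Python 3.8+ for `pow(x, -1, m)`.

```python
"""CVE-2020-0601 key substitution illustrated on P-256 (constructed example)."""
import hashlib

# NIST P-256 domain parameters (standard constants).
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551


def on_curve(pt):
    """True if pt is the point at infinity (None) or satisfies y^2 = x^3 + ax + b."""
    if pt is None:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0


def add(p1, p2):
    """Affine point addition; None represents the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                   # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def mul(k, pt):
    """Double-and-add scalar multiplication k * pt."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def ecdsa_sign(d, gen, z, k):
    """Textbook ECDSA over the supplied generator (k must be a fresh secret nonce)."""
    r = mul(k, gen)[0] % N
    s = pow(k, -1, N) * (z + r * d) % N
    return (r, s)


def ecdsa_verify(pub, gen, z, sig):
    """Textbook ECDSA verification using whatever generator the certificate supplies."""
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    pt = add(mul(z * w % N, gen), mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r


def root_matches_flawed(_cert_curve, cert_pub, _root_curve, root_pub):
    """Flawed check: only the public key point is compared with the cached root."""
    return cert_pub == root_pub


def root_matches_strict(cert_curve, cert_pub, root_curve, root_pub):
    """Correct check: the explicit curve parameters (incl. generator) must match too."""
    return cert_pub == root_pub and cert_curve == root_curve


def demo():
    # Constructed private key of a "trusted root CA"; the attacker never learns it.
    d_root = 0x7f3a9c11d2e8b54a6c0f1e2d3c4b5a69788796a5b4c3d2e1f00112233445566
    q_root = mul(d_root, G)
    root_curve = (P, A, B, G, N)

    # Attacker picks any private key d' and derives a generator G' = d'^-1 * Q,
    # so that d' * G' equals the trusted public point Q (d' = 1 simply gives G' = Q).
    d_att = 0xA11CE                                   # constructed attacker key
    g_att = mul(pow(d_att, -1, N), q_root)
    att_curve = (P, A, B, g_att, N)

    z = int.from_bytes(hashlib.sha256(b"constructed code-signing digest").digest(), "big")
    k = 0x1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef  # constructed nonce
    sig = ecdsa_sign(d_att, g_att, z, k)

    return {
        "spoofed_public_matches": mul(d_att, g_att) == q_root,
        "flawed_check_accepts": root_matches_flawed(att_curve, q_root, root_curve, q_root),
        "strict_check_accepts": root_matches_strict(att_curve, q_root, root_curve, q_root),
        "sig_verifies_with_cert_params": ecdsa_verify(q_root, g_att, z, sig),
        "sig_verifies_with_real_params": ecdsa_verify(q_root, G, z, sig),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The fix is the strict comparison: a certificate that presents a trusted public key must also present exactly the trusted curve parameters, or be rejected. Note that `d' = 1` makes `G'` equal to the root's public point itself, which is why the attack needs no knowledge of the root's private key.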

What operating systems are affected?

The following operating systems are impacted by the identified flaw:

  • Windows 10
  • Windows Server 2016
  • Windows Server 2016 (server core installation)
  • Windows Server 2019
  • Windows Server 2019 (server core installation)
  • Windows Server, version 1803 (server core installation)
  • Windows Server, version 1903 (server core installation)
  • Windows Server, version 1909 (server core installation)

What do I need to do?

Microsoft have released a patch to address the vulnerability.

All customers are urged to apply January's security updates as soon as possible, prioritising internet-facing servers, domain controllers and other high-value endpoints. After installation, watch the Application event log for Event ID 1 from the provider Microsoft-Windows-Audit-CVE, which the patched CryptoAPI writes when it encounters a certificate crafted to exploit this flaw.

What are the ramifications if I don’t act?

Microsoft have not yet seen active exploitation of this flaw in the wild, so have rated the update "Important" rather than the highest "Critical" level used for major security flaws. However, the NSA states that:

“The vulnerability places Windows endpoints at risk to a broad range of exploitation vectors.

“NSA assesses the vulnerability to be severe and that sophisticated cyber actors will understand the underlying flaw very quickly and, if exploited, would render the previously mentioned platforms as fundamentally vulnerable.”

Webinar: Understanding Advanced Threat Protection (ATP)

Watch on-demand for a breakdown of each ATP technology and discover how to:

  • Protect email, files and apps against attacks
  • Proactively detect attacks and zero-day exploits
Watch on-demand now

Detecting and protecting – Microsoft Defender Advanced Threat Protection

As you would expect from recognised leaders in endpoint protection, Microsoft immediately deployed updated protection and alerting mechanisms to Microsoft Defender Advanced Threat Protection (MDATP).

This includes:

  • Detection of files with crafted certificates that exploit the certificate validation vulnerability.
  • Updated behavioural-based detections to identify possible exploitation attempts.
  • Threat and vulnerability management capabilities updated to discover and remediate this vulnerability on endpoints.
  • Access to an in-depth threat analytics report providing the following information: Technical details; detection and mitigation information; advanced hunting queries to proactively hunt for exploitation.
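As an added example of the hunting described above (not code from the original post or from Microsoft), the following script runs over an export of Application log events and summarises CVE-2020-0601 exploitation attempts per host and per spoofed certificate. It relies on the fact that, once the January 2020 update is installed, Windows writes an Application-log event from the provider Microsoft-Windows-Audit-CVE with Event ID 1 when it sees such a certificate. The JSON-lines export format and the sample events are constructed, and the event message wording is an approximation of the real text; in a Microsoft Defender ATP deployment the threat analytics report's advanced hunting queries are the production route.

```python
"""Hunt for CVE-2020-0601 (Audit-CVE Event ID 1) in exported Application log events."""
import json
import re
from collections import Counter

AUDIT_CVE_PROVIDER = "Microsoft-Windows-Audit-CVE"
AUDIT_CVE_EVENT_ID = 1
TARGET_CVE = "[CVE-2020-0601]"

# "Additional Information: CA: <thumbprint> sha1: <thumbprint>" (approximated layout).
_THUMBPRINTS = re.compile(r"CA:\s*([0-9A-Fa-f]{40})\s+sha1:\s*([0-9A-Fa-f]{40})")

# Constructed sample export: one JSON object per line, as you might produce with
# Get-WinEvent -LogName Application | Select MachineName,ProviderName,Id,TimeCreated,Message | ConvertTo-Json
SAMPLE_EVENTS = r"""
{"MachineName": "ws-finance-07", "ProviderName": "Microsoft-Windows-Audit-CVE", "Id": 1, "TimeCreated": "2020-01-20T09:14:03Z", "Message": "Possible detection of CVE: [CVE-2020-0601] cert validation\nAdditional Information: CA: 1111111111111111111111111111111111111111 sha1: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nThis Event is raised by a User mode process."}
{"MachineName": "ws-finance-07", "ProviderName": "Microsoft-Windows-Security-SPP", "Id": 1003, "TimeCreated": "2020-01-20T09:15:00Z", "Message": "The Software Protection service has completed licensing status check."}
{"MachineName": "srv-build-02", "ProviderName": "Microsoft-Windows-Audit-CVE", "Id": 1, "TimeCreated": "2020-01-20T11:02:41Z", "Message": "Possible detection of CVE: [CVE-2020-0601] cert validation\nAdditional Information: CA: 1111111111111111111111111111111111111111 sha1: BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB\nThis Event is raised by a User mode process."}
{"MachineName": "srv-build-02", "ProviderName": "Microsoft-Windows-Audit-CVE", "Id": 1, "TimeCreated": "2020-01-20T11:02:42Z", "Message": "Possible detection of CVE: [CVE-2020-0601] cert validation\nAdditional Information: CA: 1111111111111111111111111111111111111111 sha1: BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB\nThis Event is raised by a User mode process."}
{"MachineName": "ws-hr-03", "ProviderName": "Microsoft-Windows-Audit-CVE", "Id": 1, "TimeCreated": "2020-01-20T12:30:10Z", "Message": "Possible detection of CVE: [CVE-2019-9999] other check\nAdditional Information: n/a"}
"""


def parse_events(text):
    """Parse a JSON-lines export into dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def is_curveball_attempt(event):
    """True for an Audit-CVE Event ID 1 whose message names CVE-2020-0601."""
    return (event.get("ProviderName") == AUDIT_CVE_PROVIDER
            and event.get("Id") == AUDIT_CVE_EVENT_ID
            and TARGET_CVE in event.get("Message", ""))


def extract_thumbprints(message):
    """Return (spoofed_root_thumbprint, cert_sha1) from the message, or (None, None)."""
    m = _THUMBPRINTS.search(message)
    return (m.group(1).upper(), m.group(2).upper()) if m else (None, None)


def hunt(text):
    """Summarise exploitation attempts per host and per spoofed certificate."""
    hits = []
    for ev in parse_events(text):
        if not is_curveball_attempt(ev):
            continue
        ca, sha1 = extract_thumbprints(ev["Message"])
        hits.append({"host": ev["MachineName"], "time": ev["TimeCreated"],
                     "spoofed_ca": ca, "cert_sha1": sha1})
    return {
        "total": len(hits),
        "hosts": dict(Counter(h["host"] for h in hits)),
        "certs": dict(Counter(h["cert_sha1"] for h in hits if h["cert_sha1"])),
        "spoofed_cas": sorted({h["spoofed_ca"] for h in hits if h["spoofed_ca"]}),
        "hits": hits,
    }


if __name__ == "__main__":
    summary = hunt(SAMPLE_EVENTS)
    print(f"{summary['total']} CVE-2020-0601 exploitation attempts")
    for host, count in summary["hosts"].items():
        print(f"  {host}: {count}")
```

A host that produces these events has already been presented with a crafted certificate, so the certificate thumbprints are worth pivoting on across the estate, and an unpatched host will produce no such event at all, which is why this hunt complements rather than replaces confirming that the update is installed.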


Useful links

For more information about this vulnerability, see Microsoft's Security Update Guide entry for CVE-2020-0601.

To find out more about Microsoft Defender Advanced Threat Protection, watch our Understanding ATP on-demand webinar.

Need some assistance?

If you’re concerned that this discovered flaw might leave you vulnerable, our experts are on hand to advise and assist with any worries you may have.

Arrange a Vision Call with our experts and we’ll work with you to ensure your devices remain secure.

Author: Paul Rouse, EMS Consultant