22 January 2020

Patch and protect against the Windows cryptographic vulnerability with Microsoft Defender ATP

Written by Paul Rouse

Microsoft has released an important patch as part of this month's updates and enhanced their ATP software to ensure sustained security.

January 2020’s security update release for Windows 10 and Windows Server 2016/2019 contains an important fix for “a broad cryptographic vulnerability” that impacts the Windows operating system.

This warrants attention – the vulnerability discovered is severe enough that the United States National Security Agency (NSA) have issued a Cybersecurity Advisory, and the United States Department of Homeland Security have issued an Emergency Directive, both directing organisations to patch this flaw as soon as possible.

What is the Windows CryptoAPI vulnerability?

The vulnerability, first identified by the NSA (CVE-2020-0601), impacts the Windows CryptoAPI. This is a core component of the Windows operating system that handles cryptographic operations.

The identified vulnerability specifically relates to the way that the CryptoAPI component validates Elliptic Curve Cryptography (ECC) certificates.

Why is this important?

Windows relies on trusting code-signing certificates to determine whether to run an application or executable.

If an attacker can compromise that root of trust, the vulnerability could be exploited to let malicious software with spoofed code-signing certificates run on an endpoint, bypassing the certificate trust-based protection mechanisms built into the operating system.

Successful exploitation of this flaw can also allow a malicious actor to conduct man-in-the-middle attacks and decrypt confidential information on user connections to affected software.

The NSA have deemed this vulnerability to be so serious, they provided advance notice of the issue to critical infrastructure providers within the United States prior to the patch being released.

What operating systems are affected?

The following operating systems are impacted by the identified flaw:

  • Windows 10
  • Windows Server 2016
  • Windows Server 2016 (server core installation)
  • Windows Server 2019
  • Windows Server 2019 (server core installation)
  • Windows Server, version 1803 (server core installation)
  • Windows Server, version 1903 (server core installation)
  • Windows Server, version 1909 (server core installation)

What do I need to do?

Microsoft have released a patch to address the vulnerability.

All customers are urged to apply January’s security updates as soon as possible.

What are the ramifications if I don’t act?

Microsoft have not yet seen active exploitation of this flaw in the wild, so have marked the patch as “Important” rather than the highest “Critical” level used for major security flaws. However, the NSA states that:

“The vulnerability places Windows endpoints at risk to a broad range of exploitation vectors.

“NSA assesses the vulnerability to be severe and that sophisticated cyber actors will understand the underlying flaw very quickly and, if exploited, would render the previously mentioned platforms as fundamentally vulnerable.”

Detecting and protecting – Microsoft Defender Advanced Threat Protection

As you would expect from recognised leaders in endpoint protection, Microsoft immediately deployed updated protection and alerting mechanisms to Microsoft Defender Advanced Threat Protection (MDATP).

This includes:

  • Detection of files with crafted certificates that exploit the certificate validation vulnerability.
  • Updated behavioural-based detections to identify possible exploitation attempts.
  • Threat and vulnerability management capabilities updated to discover and remediate this vulnerability on endpoints.
  • Access to an in-depth threat analytics report providing the following information: Technical details; detection and mitigation information; advanced hunting queries to proactively hunt for exploitation.
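
An added example (not Microsoft's detection logic and not part of the original article) of one check a defender can run on certificates extracted from signed files or TLS captures: the NSA advisory for CVE-2020-0601 treats ECC certificates carrying explicitly defined curve parameters as suspicious, while certificates that reference a named curve by OID can be ruled benign. The function names and sample bytes below are constructed for illustration.

```python
import ssl

# DER encoding of the id-ecPublicKey OID (1.2.840.10045.2.1). In an EC
# AlgorithmIdentifier the element that follows it holds the curve parameters.
EC_PUBLIC_KEY_OID = bytes.fromhex("06072a8648ce3d0201")

# ASN.1 tag of the parameters element -> form of curve specification
PARAM_FORMS = {
    0x06: "named-curve",      # OBJECT IDENTIFIER: standard curve referenced by OID
    0x30: "explicit-params",  # SEQUENCE: full curve definition embedded in the cert
    0x05: "implicit-curve",   # NULL: parameters inherited from the issuer
}

def to_der(data: bytes) -> bytes:
    """Accept a PEM or DER certificate and return DER bytes."""
    if data.lstrip().startswith(b"-----BEGIN CERTIFICATE-----"):
        return ssl.PEM_cert_to_DER_cert(data.decode("ascii").strip())
    return data

def ec_parameter_forms(cert: bytes) -> list[str]:
    """Classify the curve parameters of every EC key found in the certificate.

    Heuristic: scans for the id-ecPublicKey OID instead of walking the full
    ASN.1 tree, so it also works on certificates embedded in larger blobs.
    """
    der, forms = to_der(cert), []
    pos = der.find(EC_PUBLIC_KEY_OID)
    while pos != -1:
        nxt = pos + len(EC_PUBLIC_KEY_OID)
        forms.append(PARAM_FORMS.get(der[nxt], "unknown") if nxt < len(der) else "truncated")
        pos = der.find(EC_PUBLIC_KEY_OID, nxt)
    return forms

def needs_review(cert: bytes) -> bool:
    """True when any EC key is not tied to a named curve."""
    return any(form != "named-curve" for form in ec_parameter_forms(cert))

# Constructed sample fragments (AlgorithmIdentifier only, not real certificates).
# Named curve: id-ecPublicKey followed by the prime256v1 OID.
SAMPLE_NAMED = bytes.fromhex("301306072a8648ce3d020106082a8648ce3d030107")
# Explicit parameters: id-ecPublicKey followed by a stub ECParameters SEQUENCE.
SAMPLE_EXPLICIT = bytes.fromhex("300e06072a8648ce3d02013003020101")

if __name__ == "__main__":
    for name, blob in (("named", SAMPLE_NAMED), ("explicit", SAMPLE_EXPLICIT)):
        print(name, ec_parameter_forms(blob), "review" if needs_review(blob) else "ok")
```

A flagged certificate is a lead for triage rather than proof of exploitation; an analyst would still compare the embedded parameters against the standard curve they claim to be.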

Useful links

For more information about this vulnerability, visit the Microsoft website.

To find out more about Microsoft Defender Advanced Threat Protection, watch our on-demand webinar.

About Paul Rouse

EMS Consultant

Paul is a Microsoft certified consultant with extensive experience of high-level solution design and implementation using industry-leading technology from major vendors. Paul's 19 years of IT...

