Microsoft has released an important patch as part of this month's updates and enhanced their ATP software to ensure sustained security.
January 2020’s security update release for Windows 10 and Windows Server 2016/2019 contains an important fix for “a broad cryptographic vulnerability” that impacts the Windows operating system.
This warrants attention – the vulnerability discovered is severe enough that the United States National Security Agency (NSA) have issued a Cybersecurity Advisory, and the United States Department of Homeland Security have issued an Emergency Directive, both directing organisations to patch this flaw as soon as possible.
The vulnerability, first identified by the NSA (CVE-2020-0601), impacts the Windows CryptoAPI. This is a core component of the Windows operating system that handles cryptographic operations.
The identified vulnerability specifically relates to the way that the CryptoAPI component validates Elliptic Curve Cryptography (ECC) certificates.
Windows relies on trusting code-signing certificates to determine whether to run an application or executable.
If an attacker can now compromise the root of trust for applications, then the potential exists for this vulnerability to be exploited to allow malicious software with spoofed code-signing certificates to run on an endpoint – thereby bypassing the underlying certificate trust-based protection mechanisms built into the operating system.
Successful exploitation of this flaw can also allow a malicious actor to conduct man-in-the-middle attacks and decrypt confidential information on user connections to affected software.
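NSA's advisory for this CVE treats certificates that carry explicitly-defined elliptic curve parameters, rather than a standard named curve, as suspicious. The following is an added example, not code from this article, Microsoft or the NSA: a small DER walker that reports which form each EC public key uses, so certificates collected from logs or proxies can be triaged. Function names are hypothetical and the sample bytes are constructed stubs.

```python
# Added example: names are hypothetical; sample bytes are constructed stubs.
EC_PUBLIC_KEY_OID = bytes.fromhex("2a8648ce3d0201")   # id-ecPublicKey
P256_OID = bytes.fromhex("2a8648ce3d030107")          # prime256v1 named curve
PARAM_FORMS = {0x06: "named-curve", 0x30: "explicit-parameters", 0x05: "implicit"}

def read_tlv(buf, pos, end):
    """Decode one DER element inside buf[pos:end]; return (tag, value_start, value_end)."""
    if pos + 2 > end:
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                                  # long-form length
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > end:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > end:
        raise ValueError("DER value overruns its container")
    return tag, pos, pos + length

def ec_parameter_forms(der):
    """Parameter form of every id-ecPublicKey AlgorithmIdentifier found in der."""
    forms = []
    def walk(start, end):
        children, pos = [], start
        while pos < end:
            tag, vs, ve = read_tlv(der, pos, end)
            children.append((tag, vs, ve))
            if tag & 0x20:                             # constructed type: descend
                walk(vs, ve)
            pos = ve
        if (len(children) >= 2 and children[0][0] == 0x06
                and der[children[0][1]:children[0][2]] == EC_PUBLIC_KEY_OID):
            forms.append(PARAM_FORMS.get(children[1][0], "unknown"))
    walk(0, len(der))
    return forms

def tlv(tag, body):
    """Build a short-form DER element (sample construction only)."""
    return bytes([tag, len(body)]) + body

# Constructed SubjectPublicKeyInfo samples: all-zero key, stub explicit parameters.
_key = tlv(0x03, b"\x00\x04" + bytes(64))
_oid = tlv(0x06, EC_PUBLIC_KEY_OID)
NAMED_SPKI = tlv(0x30, tlv(0x30, _oid + tlv(0x06, P256_OID)) + _key)
EXPLICIT_SPKI = tlv(0x30, tlv(0x30, _oid + tlv(0x30, tlv(0x02, b"\x01"))) + _key)

if __name__ == "__main__":
    for name, blob in (("named", NAMED_SPKI), ("explicit", EXPLICIT_SPKI)):
        print(name, ec_parameter_forms(blob))
```

The walker also accepts a full DER-encoded certificate (base64-decode PEM first); any result other than `named-curve` is a reason to inspect the certificate more closely.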
The NSA have deemed this vulnerability to be so serious, they provided advance notice of the issue to critical infrastructure providers within the United States prior to the patch being released.
The following operating systems are impacted by the identified flaw:
Microsoft have released a patch to address the vulnerability.
All customers are urged to apply January’s security updates as soon as possible.
Microsoft have not yet seen active exploitation of this flaw in the wild, so have marked the patch as “Important” rather than the highest “Critical” level used for major security flaws. However, the NSA states that:
“The vulnerability places Windows endpoints at risk to a broad range of exploitation vectors.
“NSA assesses the vulnerability to be severe and that sophisticated cyber actors will understand the underlying flaw very quickly and, if exploited, would render the previously mentioned platforms as fundamentally vulnerable.”
As you would expect from recognised leaders in endpoint protection, Microsoft immediately deployed updated protection and alerting mechanisms to Microsoft Defender Advanced Threat Protection (MDATP).
For more information about this vulnerability, visit the Microsoft website.
Paul is a Microsoft certified consultant with extensive experience of high-level solution design and implementation using industry-leading technology from major vendors. Paul's 19 years of IT...