Microsoft has released an important patch as part of this month's updates and enhanced their ATP software to ensure sustained security.
January 2020’s security update release for Windows 10 and Windows Server 2016/2019 contains an important fix for “a broad cryptographic vulnerability” that impacts the Windows Operating system.
This warrants attention – the vulnerability discovered is severe enough that the United States National Security Agency (NSA) have issued a Cybersecurity Advisory, and the United States Department of Homeland Security have issued an Emergency Directive, both directing organisations to patch this flaw as soon as possible.
The vulnerability first identified by the NSA (CVE-2020-0601), impacts the Windows CryptoAPI. This is a core component of the Windows operating system that handles cryptographic operations.
The identified vulnerability specifically relates to the way that the CryptoAPI component validates Elliptic Curve Cryptography (ECC certificates).
Windows relies on trusting code-signing certificates to determine whether to run an application or executable.
If an attacker can now compromise the root of trust for applications, then the potential exists for this vulnerability to be exploited to allow malicious software with spoofed code-signing certificates to run on an endpoint – thereby bypassing the underlying certificate trust-based protection mechanisms built into the operating system.
Successful exploitation of this flaw can also allow a malicious actor to conduct man-in-the-middle attacks and decrypt confidential information on user connections to affected software.
The NSA have deemed this vulnerability to be so serious, they provided advance notice of the issue to critical infrastructure providers within the United States prior to the patch being released.
The following operating systems are impacted by the identified flaw:
Microsoft have released a patch to address the vulnerability.
All customers are urged to apply January’s security updates as soon as possible.
Microsoft have not yet seen active exploitation of this flaw in the wild, so have marked the patch as “Important” rather than the highest “Critical” level used for major security flaws. However, the NSA states that:
“The vulnerability places Windows endpoints at risk to a broad range of exploitation vectors.
“NSA assesses the vulnerability to be severe and that sophisticated cyber actors will understand the underlying flaw very quickly and, if exploited, would render the previously mentioned platforms as fundamentally vulnerable.”
Watch on-demand for a breakdown of each ATP technology and discover how to:
As you would expect from recognised leaders in endpoint protection, Microsoft immediately deployed updated protection and alerting mechanisms to Microsoft Defender Advanced Threat Protection (MDATP).
This includes:
For more information about this vulnerability, visit the Microsoft website.
To find out more about Microsoft Defender Advanced Threat Protection, watch our Understanding ATP on-demand webinar.
Need some assistance?
If you’re concerned that this discovered flaw might leave you vulnerable, our experts are on hand to advise and assist with any worries you may have.
Arrange a Vision Call with our experts and we’ll work with you to ensure your devices remain secure.
Simply request a free Vision Call. We can help you with solution ideas, technology education, best practice advice and more.
Request Vision Call
Award-winning solutions
Eight-time winner of the Microsoft Partner of the Year Award for Identity Management, Enterprise Mobility, and Security and Compliance.
Please upgrade your browser
You are seeing this because you are using a browser that is not supported. The ThirdSpace website is built using modern technology and standards. We recommend upgrading your browser with one of the following to properly view our website:
Windows MacPlease note that this is not an exhaustive list of browsers. We also do not intend to recommend a particular manufacturer's browser over another's; only to suggest upgrading to a browser version that is compliant with current standards to give you the best and most secure browsing experience.
