The Cybersecurity Directorate of the National Security Agency (NSA) has recently uncovered a critical Windows CryptoAPI spoofing vulnerability in Microsoft's Windows 10 operating system. The security cell found that the flaw lies in the Crypt32.dll module and enables remote code execution. It also affects the way Windows verifies cryptographic trust. According to the NSA report, the vulnerability extends to all Windows 10 versions, Windows Server 2016 and 2019, and applications that rely on Windows for trust functionality. Attackers may exploit signed files and emails, executable code launched as user processes, and HTTPS connections. This is the very first time Microsoft has credited the NSA for early disclosure of a bug. In a successful attack, users would have no chance of knowing that a file was malicious, as the digital signature would appear to come from a trusted provider. Microsoft says that an attacker could exploit this bug to sign a malicious executable, making it appear that the file came from a legitimately trusted source.
Along with faking file signatures, the bug could also be used to fake the digital certificates that are used for encrypted communications. Attackers could also conduct man-in-the-middle attacks and decrypt confidential information passing between the user and the affected software. Other cybersecurity agencies have previously reported major vulnerabilities to Microsoft; for example, in May 2019, the now infamous BlueKeep bug was reported by the UK National Cyber Security Centre. With this report, the NSA has changed its general approach to disclosure, and it will follow the same approach for future bug reports. The NSA also sent advance notice of the official patches to critical infrastructure operators, letting them know that a major fix was coming.
How can businesses and users protect their systems?
There is no direct way to be protected from this type of vulnerability. What can be done is to follow the NSA's recommendations, so it is advised to install all January 2020 patches as soon as possible. Where automated patching is not possible for an enterprise, it should prioritize patching endpoints that are either used by privileged users or exposed to the internet. Microsoft's Principal Security Program Manager, Mechele Gruhn, also confirmed the security flaws on Jan 14 in a separate blog post, noting that "we have not seen it used in active attacks", which is why the vulnerability is categorized as important. The vulnerability observed was CVE-2020-0601 in the user-mode cryptographic library, CRYPT32.DLL. Out of a total of 49 vulnerabilities in the January 2020 patch, eight are flagged critical by Microsoft. This month's batch of security updates also fixes CVE-2020-0609 and CVE-2020-0610, two remote code execution bugs found in the RDP Gateway service; these two require no user interaction to be exploited by unauthorized parties. Though no exploitation of these vulnerabilities has been reported so far, it is strongly recommended to download the latest Windows update, as it is better to be safe than sorry. It is quite unusual and extremely rare to see the NSA reporting these types of vulnerabilities directly to Microsoft, although the agency has done it before, so this is not the first time.
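The article does not go into the mechanism, but the NSA advisory for CVE-2020-0601 explains that the flaw is in how CryptoAPI validates ECC certificates, and recommends that defenders flag certificates whose public key is specified with explicit curve parameters rather than a named curve. The following script is an added example, not code from the article, the NSA or Microsoft: it classifies the parameters of a DER-encoded SubjectPublicKeyInfo (which a scanner would first extract from the certificate's tbsCertificate) using only a minimal DER reader, and the two sample structures it checks are constructed inline with placeholder key bytes.

```python
# Added example (not from the article): flag ECC SubjectPublicKeyInfo structures
# that carry explicit curve parameters, the certificate shape the NSA advisory for
# CVE-2020-0601 told defenders to look for. Minimal DER handling, no third-party libs.

ID_EC_PUBLIC_KEY = bytes.fromhex("2a8648ce3d0201")   # OID 1.2.840.10045.2.1
SECP256R1 = bytes.fromhex("2a8648ce3d030107")        # OID 1.2.840.10045.3.1.7

def der_read(buf, pos=0):
    """Read one DER TLV at buf[pos]; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                 # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def der_tlv(tag, value):
    """Encode one DER TLV (used only to build the constructed samples below)."""
    if len(value) < 0x80:
        return bytes([tag, len(value)]) + value
    lb = len(value).to_bytes((len(value).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value

def classify_ec_params(spki_der):
    """Classify AlgorithmIdentifier.parameters of a DER SubjectPublicKeyInfo:
    'named' (namedCurve OID), 'explicit' (ECParameters SEQUENCE, the suspicious
    case), 'implicit' (absent or NULL), or 'not-ec' for non-ECC keys."""
    tag, spki, _ = der_read(spki_der)
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo must be a SEQUENCE")
    tag, alg, _ = der_read(spki)                      # AlgorithmIdentifier
    tag, oid, pos = der_read(alg)                     # algorithm OID
    if tag != 0x06 or oid != ID_EC_PUBLIC_KEY:
        return "not-ec"
    if pos >= len(alg):
        return "implicit"
    ptag, _, _ = der_read(alg, pos)
    return {0x06: "named", 0x30: "explicit"}.get(ptag, "implicit")

def sample_spki(params):
    """Constructed sample: SPKI with the given parameters and a dummy 65-byte point."""
    alg = der_tlv(0x30, der_tlv(0x06, ID_EC_PUBLIC_KEY) + params)
    key = der_tlv(0x03, b"\x00\x04" + b"\x11" * 64)   # placeholder, not a real point
    return der_tlv(0x30, alg + key)

NAMED_SAMPLE = sample_spki(der_tlv(0x06, SECP256R1))
# Explicit ECParameters abbreviated to its leading version INTEGER; the check only
# needs the outer SEQUENCE tag, which is what distinguishes it from a namedCurve OID.
EXPLICIT_SAMPLE = sample_spki(der_tlv(0x30, der_tlv(0x02, b"\x01")))

if __name__ == "__main__":
    for name, spki in (("named", NAMED_SAMPLE), ("explicit", EXPLICIT_SAMPLE)):
        print(name, "->", classify_ec_params(spki))
```

A certificate that reaches the "explicit" branch is not proof of exploitation, but it is rare in legitimate PKI and is the shape the advisory asks defenders to investigate.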
This is, however, the first time the National Security Agency (NSA) has accepted attribution from Microsoft for a vulnerability report. It is part of a new initiative to make the agency's research openly available to software vendors and the public. Two years earlier, a leak involving Windows' file-sharing protocol, dubbed EternalBlue, caused widespread damage, affecting everything from the UK's National Health Service to the Russian Ministry of the Interior, as the WannaCry ransomware and its variants locked up computers. In that case, even though Windows XP had reached the end of support, Microsoft was forced to issue an emergency patch for it. Despite all this, Microsoft is not marking the new bug as critical, but the NSA's own advisory warns that it is a major vulnerability. As per the NSA report, the vulnerability puts Windows endpoints at risk from a broad range of exploitation vectors; it is severe, and sophisticated cyber actors will understand the underlying flaw very quickly, so there is no reason to delay patching. This Tuesday, Microsoft released a security update to fix the broad cryptographic vulnerability, which heavily impacts the Windows operating system. "The bug was discovered and reported by the US NSA (National Security Agency)," said NSA Director of Cybersecurity Anne Neuberger in a press call. Windows users should apply this patch quickly.