15 Jan

Rumors of an ‘extraordinarily serious’ Windows vulnerability suggest users need to update today (Associated Press)

New Windows 10 ‘Extraordinarily Serious’ Security Warning For 900 Million Users

It appears that there could be what one leading investigative reporter has called “an extraordinarily serious security vulnerability” in a core cryptographic component that is present in Windows 10.

Before you take a deep breath and relax because you’re still using Windows 8, Windows 7 or Windows XP, that same crypto component is present in all versions of Windows.

Those same sources suggested the vulnerability is within crypt32.dll, a Windows component that deals with security certificates and cryptographic messaging functions. The CryptoAPI is what enables developers to secure Windows-based applications and any critical vulnerability here could impact encryption and decryption using digital certificates. It could also affect authentication on Windows desktops and servers, the protection of sensitive data handled by Microsoft’s Internet Explorer/Edge browsers, as well as a number of third-party applications and tools.

How big could this Windows security problem be?

  1. At this point, no disclosure has been made and neither Microsoft nor the NSA is saying anything beyond confirming that details of any vulnerability will not be discussed before an update has been made available.
  2. According to security professional John Opdenakker, “If it’s true that there are vulnerabilities in Microsoft’s CryptoAPI, the potential impact can be big.”
  3. Sean Wright, chapter lead at OWASP Scotland, says, “If the fix has already been shipped to organizations such as the U.S. military, it further backs up this suspicion. It’s going to be really interesting to see what it is.”
  4. Boris Cipot, a Sr. Security Engineer at Synopsys, said that this is a serious issue as crypt32.dll is needed to secure the operating system, so applying the patch as soon as it is released is key. Users are also urged NOT to trust websites or emails with links that offer patches for crypt32.dll.

 

Contact Ocean Computer Group to help you increase your security measures and better protect your business.

800.722.7023 | sales@oceancomputer.com

 
