NSA Discovers Major Cryptographic Security Flaw Present in "All Versions of Windows"

Tsing

The FPS Review
Staff member
Joined
May 6, 2019
Messages
1,294
Points
83
Amusingly enough, Windows 7's EOL date has coincided with a great reason to upgrade from the aging operating system. Krebs on Security received word of a major security vulnerability yesterday involving crypt32.dll, a Windows module present on all versions of the OS since NT 4.0.

Sources claimed that there was a critical vulnerability in the component that "could have wide-ranging security implications for a number of important Windows functions, including authentication on Windows desktops and servers, the protection of sensitive data handled by Microsoft’s Internet Explorer/Edge browsers, as well as a number of third-party applications and tools." It also allowed attackers to spoof digital signatures, meaning that malware could be made to look legitimate.

The security flaw was largely hush-hush until the NSA's media call today, in which Director of Cybersecurity Anne Neuberger announced the bug and outlined it in a two-page document ("Patch Critical Cryptographic Vulnerability in Microsoft Windows Clients and Servers"). Everything was kept under wraps because it was deemed a serious "cybersecurity issue" that "makes trust vulnerable." This happens to be the first security flaw reported to Microsoft by the NSA.

Microsoft has already pushed out a patch for this (CVE-2020-0601), which can be applied to all versions of Windows 10, Windows Server 2016/2019, and Windows Server version 1803/1903/1909. Again, this incident is new ammo for those who think Windows 7 users are crazy for sticking to an older OS.

ZDNet has compiled a full list of the 49 vulnerabilities addressed by today's Patch Tuesday fixes.
 

Uvilla

Sort-of-Regular
Joined
Oct 13, 2019
Messages
192
Points
28
Yeah, the NSA just wants to upgrade their backdoors to w10... They are probably tired of having to use 2 or 3 different backdoors depending on the OS... It's just plain lazy!!
 

Grimlakin

Semi-regular
Joined
Jun 24, 2019
Messages
673
Points
63
Those of you responsible for protecting customer data, get on this one. Administrators, let your security teams know. This also impacts 2016 and 2019 server OSes as well.
 

Grimlakin

Semi-regular
Joined
Jun 24, 2019
Messages
673
Points
63
Does anyone else think the timing of this release, with older Windows versions being vulnerable but JUST NOW no longer being supported, is suspect?
 

{NG}Fidel

Sort-of-Regular
Joined
Jul 11, 2019
Messages
151
Points
28
Does anyone else think the timing of this release, with older Windows versions being vulnerable but JUST NOW no longer being supported, is suspect?
No, I'm not into that type of conspiracy theory.
Does anyone really think a Microsoft OS that old won't have security flaws?
 