A critical vulnerability has been discovered in several different Windows operating systems. The vulnerability can be exploited to forge certificates and cause malicious software not to be detected during installation.

 

Several Windows operating systems are vulnerable

The NSA recently reported a critical vulnerability in several variants of Windows. Windows 10 and Windows Server 2016/2019 are reported to be vulnerable unless the latest security update (January 2020) is installed.

This vulnerability is tracked as CVE-2020-0601 and has the nickname 'NSACrypt'. It resides in the Crypt32.dll module in Windows, which contains various cryptographic and certificate functions. The vulnerability stems mainly from the way Crypt32.dll validates Elliptic Curve Cryptography (ECC) certificates.

Microsoft has confirmed that the vulnerability exists but has not released any technical details on how it can be exploited. If Windows systems are left vulnerable, attackers can forge digital signatures of software and deceive the operating system into installing malicious software. This, in turn, can give an attacker external access to the victim's device and may pose a major threat to corporate infrastructure. The victim does not even notice that the software is malicious, because the forged digital signature looks normal.

 

An update is available

Microsoft has released a new security update for January 2020. It addresses 49 different vulnerabilities, including CVE-2020-0601 (NSACrypt). All Windows users are recommended to update as soon as possible to avoid being affected by these vulnerabilities.

New vulnerabilities are regularly detected and security updates are sent out to address most of these. Does your infrastructure have the latest security updates?

CYPRO offers various security solutions. Click here to book a free consultation.

 

By Ludwig Wideskär, CYPRO
