Important Cybersecurity Advisory

A cybersecurity advisory from CFC’s in-house incident response team and the Microsoft Security Response Center.

The US National Security Agency has announced the discovery of a serious cybersecurity vulnerability in Windows 10 and Windows Server 2016/2019. The vulnerability lies in a component known as “CryptoAPI”. Microsoft has released a patch to fix it. All users of these operating systems are advised to apply this patch immediately.

Developers use digital signatures to prove that their software is legitimate and has not been tampered with. However, this vulnerability could allow an attacker to spoof legitimate software. This would undermine how Windows verifies trust, allowing malicious software, such as ransomware, to run in the background. According to Microsoft, the user would have no way of knowing a file was malicious, because the digital signature would appear to be from a trusted provider. A successful exploit could also allow attackers to conduct man-in-the-middle attacks and decrypt confidential information on connections to affected software.

The vulnerability affects Windows 10 and Windows Server 2016/2019 as well as applications that rely on Windows for trust functionality. This includes HTTPS connections; signed files and emails; and signed executable code launched as user-mode processes.

Businesses running affected systems should install all patches from January 2020 as soon as possible, prioritizing endpoints that provide essential services.

Links to critical patches are contained within the Security Guidance Advisory from Microsoft.

As a best practice, Microsoft advises all users to turn on automatic updates. Please also note that Windows 7 and Windows Server 2008 R2 will be out of extended support and will no longer receive updates as of January 14, 2020.

It is strongly recommended that you upgrade any computers running these versions of Windows. This will ensure that you get the best support from Microsoft and continue to receive updates.
