Time to patch those systems! A vulnerability has been discovered in the Microsoft cryptographic library CRYPT32.DLL, a Windows component that handles security certificates and cryptographic messaging functions. Successful exploitation of this vulnerability could allow attackers to compromise trusted network connections using spoofed certificates. This can be used to deliver malicious executable code under the pretense of a legitimately trusted entity, carry out man-in-the-middle attacks, and decrypt confidential information. Examples of potentially impacted services include HTTPS connections, signed emails and files, and user-mode processes launching signed executable code.
Affected systems include Windows 10, Windows Server 2016 and 2019, and applications that rely on Windows for trust functionality.
What Should You Do?
Check for any patching prompts or updates in your “Settings” to ensure your systems were properly patched. If you have any questions or concerns, contact us and we can help.
Good News for Windows 7 Users
Those who have not yet upgraded their PCs to Windows 10 have been given an extra month of security. Because Windows 7 support coverage happened to end on Patch Tuesday, those still using the older platform are eligible for these important updates, and are therefore given an extension of coverage until February 11 (the date of the next Patch Tuesday).
In other words, unless an out-of-band update is released between now and then, Windows 7 PCs are now safe until at least 2/11/2020. If an update for Windows 7 is published on that date, the clock starts ticking as hackers race to reverse engineer the patch with the goal of easily compromising unpatched Windows 7 PCs. If you are still using Windows 7 and were lucky to receive this one-month reprieve, learn more about your upgrade options today!
For more information on this update: https://www.zdnet.com/article/microsoft-fixes-windows-crypto-bug-reported-by-the-nsa/