Microsoft Patched Bug In Windows Component That Has Been Around For Decades

[Image: Windows patched]

Operating systems are software created by humans, and as such they inherit flaws.

Microsoft is the well-known tech company that creates the Windows operating system. Here, the popular operating system had a serious flaw, but Microsoft didn't mark it critical. That was until the U.S. National Security Agency (NSA) found that the flaw was more serious than it seemed.

The flaw in question happened to be in the way Microsoft handles certificate and cryptographic messaging functions in Windows.

As it turned out, the flaw could allow attackers to spoof the digital signature tied to pieces of software, allowing unsigned and malicious code to masquerade as legitimate software.

The bug is a serious problem wherever a system relies on digital certificates to validate the software it runs, which makes it a major security issue if left unpatched.

The NSA reported the flaw to Microsoft, and it recommends that Windows users patch immediately, prioritizing systems that host critical infrastructure such as domain controllers, VPN servers, or DNS servers.

According to a post by security reporter Brian Krebs, the flaw affected authentication on Windows desktops and servers.

The vulnerability in question resided in a Windows component known as crypt32.dll, a Windows module that Microsoft says handles “certificate and cryptographic messaging functions in the CryptoAPI.” It's this CryptoAPI that provides services that enable developers to secure Windows-based applications using cryptography, and includes functionality for encrypting and decrypting data using digital certificates.

This component was first introduced in Windows NT 4.0 in 1996.

A critical vulnerability in this Windows component could have wide-ranging security implications, as it may affect other important Windows functions, including authentication on Windows desktops and servers, the protection of sensitive data handled by Microsoft’s Internet Explorer/Edge browsers, as well as a number of third-party applications and tools.

The flaw could also be used by hackers to spoof the digital signature tied to a specific piece of software.

If exploited, attackers can make malware appear as if it were produced and signed by a legitimate software company.
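Because the same crypt32.dll that carried the flaw is also what Windows tools consult when they report a signature as valid, a defender wants two things from a host: the build of crypt32.dll actually installed (to confirm the patch is present) and the signer and issuer behind each executable's signature, rather than just a "Valid" status. The PowerShell script below is an added example written for this article, not code from Microsoft or the NSA; the directory it scans and the expected root thumbprint are placeholders you would replace with your own.

```powershell
# Added example, not from the article. Inventory the installed crypt32.dll build and
# report Authenticode signer details for executables under an assumed directory.
# On an unpatched host a spoofed signature can still report "Valid", so the
# crypt32.dll version is the first thing to record; the signer/issuer/root details
# give you something to compare against a known-good allow list.

$crypt32 = Get-Item -Path (Join-Path $env:SystemRoot 'System32\crypt32.dll')
[pscustomobject]@{
    Path           = $crypt32.FullName
    FileVersion    = $crypt32.VersionInfo.FileVersion
    ProductVersion = $crypt32.VersionInfo.ProductVersion
    LastWriteTime  = $crypt32.LastWriteTime
} | Format-List

# Placeholder directory (assumption): replace with the software you actually need to verify.
$scanRoot = 'C:\Program Files\ExampleVendor'

# Placeholder root thumbprint (assumption): the thumbprint of the root CA you expect
# this vendor's code-signing chain to terminate at. Fill in from your own trust policy.
$expectedRootThumbprint = 'PLACEHOLDER-ROOT-CA-THUMBPRINT'

$targets = Get-ChildItem -Path $scanRoot -Filter *.exe -Recurse -ErrorAction SilentlyContinue
foreach ($file in $targets) {
    $sig = Get-AuthenticodeSignature -FilePath $file.FullName

    $rootThumbprint = $null
    if ($null -ne $sig.SignerCertificate) {
        # Build the chain ourselves so we can read the root the system ended up trusting.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        [void]$chain.Build($sig.SignerCertificate)
        if ($chain.ChainElements.Count -gt 0) {
            $rootThumbprint = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate.Thumbprint
        }
    }

    [pscustomobject]@{
        File              = $file.FullName
        Status            = $sig.Status            # Valid, NotSigned, HashMismatch, ...
        StatusMessage     = $sig.StatusMessage
        Signer            = $sig.SignerCertificate.Subject
        Issuer            = $sig.SignerCertificate.Issuer
        RootThumbprint    = $rootThumbprint
        RootMatchesPolicy = ($rootThumbprint -eq $expectedRootThumbprint)
    }
}
```

Run it in an elevated PowerShell session after patching and keep the crypt32.dll version and the per-file signer records as a baseline; a later run that shows a "Valid" status whose chain terminates at an unexpected root is the kind of discrepancy this class of bug produces.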

[Image: System folder]

“The vulnerability places Windows endpoints at risk to a broad range of exploitation vectors,” says NSA in a statement. “NSA assesses the vulnerability to be severe and that sophisticated cyber actors will understand the underlying flaw very quickly and, if exploited, would render the previously mentioned platforms as fundamentally vulnerable.”

After being notified, Microsoft patched the flaw which was found on Windows 10, Windows Server 2016, and Windows Server 2019.

The software giant said that it didn't see any active exploitation of the flaw.

It is rare for the NSA to report this kind of issue directly to Microsoft. In fact, this is the first time the NSA has accepted attribution from Microsoft for a vulnerability report.

Previously, NSA had a tool dubbed 'EternalBlue', which was leaked to the public and caused widespread damage.

This tool led to the creation of the notorious WannaCry ransomware, cryptocurrency miner malware, EternalSilence, as well as the more recent Taylor Swift malware and other variants.

Published: 14/01/2020