The flaw was assigned an “important” severity rating

Jan 15, 2020 06:50 GMT

Microsoft has released patches for Windows 10 and Windows Server to resolve a vulnerability reported by the NSA that would allow a malicious actor to run malware disguised as a legitimate app.

The flaw, which prior to the release of the patches was described as “extraordinarily scary,” affects the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.

A successful exploit also gives the attacker the ability to conduct a man-in-the-middle attack and then decrypt sensitive information.

“An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider,” Microsoft says.

NSA warns of “severe” consequences

The vulnerability was given an “important” severity rating, with Microsoft rating exploitation as more likely. However, the company isn’t aware of any attacks happening in the wild.

On the other hand, the NSA has published its own advisory on the flaw, urging everyone to patch devices as soon as possible.

“The vulnerability places Windows endpoints at risk to a broad range of exploitation vectors. NSA assesses the vulnerability to be severe and that sophisticated cyber actors will understand the underlying flaw very quickly and, if exploited, would render the previously mentioned platforms as fundamentally vulnerable. The consequences of not patching the vulnerability are severe and widespread. Remote exploitation tools will likely be made quickly and widely available,” the NSA says.

If enterprise-wide patching isn’t possible, the NSA says, devices that perform TLS validation, DNS, VPN, and update servers should be prioritized.

All Windows 10 versions released so far are affected, along with Windows Server 2016, Windows Server 2019, and Windows Server versions 1809, 1903, and 1909. The patches are included in this month’s cumulative updates.