Jukebox, 17 Jan 2020
Microsoft has issued an advisory warning users of a number of vulnerabilities that hackers could use to exploit the billions of users running the Windows OS.
The advisory also included patches that the company says will fix several serious flaws in the Server 2019 and 2016 versions of Windows 10 that were flagged and reported to the company early on by the National Security Agency (NSA).
A press statement given by the NSA describes the flaw as follows:
The certificate validation vulnerability allows an attacker to undermine how Windows verifies cryptographic trust and can enable remote code execution…
Exploitation of the vulnerability allows attacks to defeat trusted network connections and deliver executable code while appearing as legitimately trusted entities.
The statement continued,
Examples where the validation of trust may be impacted include:
Signed files and emails
Signed executable code launched as user-mode processes
The consequences of not patching the vulnerability are severe and widespread. Remote exploitation tools will likely be made quickly and widely available. Rapid adoption of the patch is the only known mitigation at this time and should be the primary focus for all network owners.
The vulnerability, dubbed CVE-2020-0601, can only be thwarted by a newly released update. Microsoft says the fix is in the Crypt32.dll module, which contains the certificate and cryptographic messaging functions of the Windows CryptoAPI, used for encryption and decryption.
The NSA also issued a statement stressing that, as there are no proven ways to get around the established flaws, updating Windows software might be the one and only way to protect user systems and data.
Windows users are strongly advised to update their software as soon as possible, as there are no other ways to get around the vulnerability. Other Remote Desktop Gateway flaws have also been identified and can be used to run malicious code on devices through a simple request sent remotely. This, along with other vulnerabilities, was caught by the necessary authorities and Microsoft themselves, and to the best of their knowledge, criminal entities have yet to take advantage of it, though the risk is high.
The Microsoft team said,
This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system.
In the meantime, all users can do to protect themselves is to apply the patch as advised. Update your software as soon as you can.