Yesterday, January 14, 2020, Microsoft released a patch for a serious security vulnerability in Windows 10 and Windows Server 2016 and 2019, among other versions. The vulnerability, tracked as CVE-2020-0601 and discovered by the NSA, affects the Windows CryptoAPI component (Crypt32.dll), specifically the way it validates Elliptic Curve Cryptography (ECC) certificates.
CryptoAPI is used, among other things, to validate digital signatures and the certificates behind them. Because of this, the vulnerability allows an attacker to spoof a legitimate code-signing certificate, so that malicious software appears to be signed by a trusted publisher and runs on the affected endpoint without raising the usual warnings. Microsoft classifies the flaw as a spoofing vulnerability: it does not execute code by itself, but it defeats the signature check that would otherwise expose the file. The NSA's advisory warns that, now that the vulnerability is public, exploitation tools are likely to be developed quickly. This is why it is vital to apply the patch as soon as possible.
As Microsoft explains, the unauthorized use of a digital signature would mean that the “user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider”.
The CERT Coordination Center (CERT/CC), the vulnerability disclosure center at Carnegie Mellon University, stated that the vulnerability could also be used to intercept and modify HTTPS and other TLS-protected communications, since TLS server certificates are validated by the same code.
Microsoft says it has not yet seen evidence of this vulnerability being actively exploited, and on its own severity scale it rates the bug as "Important" rather than "Critical"; the NSA, however, assesses it as severe. With Windows 10 alone installed on an estimated 900 million devices worldwide, the flaw poses a serious danger to users and the privacy of their data.
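What makes the spoofing possible is worth seeing in code. Microsoft's advisory describes the flaw as being in how CryptoAPI validates ECC certificates; the publicly documented root cause is that a certificate carrying explicit curve parameters could be matched against a cached trusted certificate by public key alone, without checking that its generator point was the standard one for the named curve. Any public key Q equals d'·G' for a generator G' that an attacker computes from a private key d' of their own choosing (G' = d'⁻¹·Q), so the attacker can sign with d' and present the trusted public key Q. The script below is an added example written for this post; it is not Microsoft's Crypt32 code, Panda's code, or the original exploit. It models the logic with a pure-Python P-256 implementation (Python 3.8+ for modular inverses via pow), a constructed "trusted root" key, a constructed file digest, a vulnerable matching routine that compares only the public key, and a hardened one that also requires the generator and named curve to match.

```python
import hashlib

# NIST P-256 (secp256r1) domain parameters: public constants, not secrets.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)


def on_curve(pt):
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0


def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                       # P + (-P) = infinity
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication (demo only: not constant time)."""
    result, addend = None, pt
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def ecdsa_sign(digest, priv, gen):
    """Textbook ECDSA over whatever generator the signer claims to use."""
    z = int.from_bytes(digest, "big")
    # Demo nonce derived from the digest so the example is deterministic.
    k = int.from_bytes(hashlib.sha256(b"demo-nonce" + digest).digest(), "big") % N
    r = ec_mul(k, gen)[0] % N
    s = pow(k, -1, N) * (z + r * priv) % N
    return (r, s)


def ecdsa_verify(digest, sig, pub, gen):
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    z = int.from_bytes(digest, "big")
    w = pow(s, -1, N)
    pt = ec_add(ec_mul(z * w % N, gen), ec_mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r


# Constructed "trusted root" key pair; the attacker only ever sees CA_PUB.
CA_PRIV = 0x1e99423a4ed27608a15a2616a2b0e9e52ced330ac530edcc32c8ffc6a526aedd
CA_PUB = ec_mul(CA_PRIV, G)

# Attacker picks any private key d' and derives a generator G' = d'^-1 * Q,
# so that d' * G' == Q without knowing the CA's private key.
ATTACKER_PRIV = 0xc0ffee
G_PRIME = ec_mul(pow(ATTACKER_PRIV, -1, N), CA_PUB)

TRUSTED_ROOT = {"curve": "P-256", "generator": G, "pubkey": CA_PUB}
SPOOFED = {"curve": "explicit", "generator": G_PRIME, "pubkey": CA_PUB}   # constructed


def vulnerable_match(presented, trusted):
    # Flawed logic: treats the cert as the cached trusted root on a key match alone.
    return presented["pubkey"] == trusted["pubkey"]


def fixed_match(presented, trusted):
    # Hardened logic: a public key is only meaningful relative to its generator,
    # so the generator and the named curve must match the trusted entry too.
    return (presented["pubkey"] == trusted["pubkey"]
            and presented["generator"] == trusted["generator"]
            and presented["curve"] == trusted["curve"])


def run_demo():
    digest = hashlib.sha256(b"malware.exe contents (constructed)").digest()
    sig = ecdsa_sign(digest, ATTACKER_PRIV, G_PRIME)
    return {
        "generator_on_curve": on_curve(G_PRIME),
        "keys_equal": ec_mul(ATTACKER_PRIV, G_PRIME) == CA_PUB,
        "signature_valid_under_presented_params":
            ecdsa_verify(digest, sig, SPOOFED["pubkey"], SPOOFED["generator"]),
        "signature_valid_under_real_params": ecdsa_verify(digest, sig, CA_PUB, G),
        "vulnerable_check_accepts": vulnerable_match(SPOOFED, TRUSTED_ROOT),
        "fixed_check_accepts": fixed_match(SPOOFED, TRUSTED_ROOT),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The point to take away is that the forged generator G' is a perfectly valid point on the real P-256 curve and the public key in the spoofed certificate is bit-for-bit the trusted CA's key, so a check that compares keys without comparing the parameters that give the key its meaning has nothing to object to. The same signature fails as soon as it is verified against the standard generator, which is what the hardened check enforces before trusting the key.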
The NSA and vulnerabilities
The NSA confirmed in a call with reporters that it had found this vulnerability and, after the discovery, handed the details of the flaw to Microsoft so that the company could develop the patch. Anne Neuberger, director of cybersecurity at the NSA, confirmed that once the vulnerability had been discovered, it went through the government's decision-making process for determining whether to keep a flaw for use in offensive operations or to report it to the manufacturer.
In 2017, the NSA was harshly criticized after a Windows vulnerability it had found and kept for its own operations, rather than reporting it to Microsoft, leaked together with the EternalBlue exploit built on it. EternalBlue gained worldwide infamy when it was used to spread the WannaCry ransomware.
Jake Williams, a former NSA hacker, told TechCrunch that the fact that the vulnerability had been reported to Microsoft rather than weaponized was "encouraging". Williams says that, "This one is a bug that would likely be easier for governments to use than the common hacker. This would have been an ideal exploit to couple with man in the middle network access."
Before releasing the patch publicly, Microsoft shared it with the US government, the military, and other high-profile organizations, amid fears that the vulnerability could be exploited to actively attack vulnerable computers.
A skeleton key for cyberattackers
For a long time, a much sought-after goal of cyberattackers has been to pass their software off as legitimate. According to Williams, this flaw could work as a kind of "skeleton key" for getting around all kinds of security controls, allowing malware to run without being detected as such.
Patches: the best barrier against vulnerabilities
The only way to fix this vulnerability is to apply the patch released by Microsoft. Patches are essential cybersecurity tools and must be applied as soon as they become available, since an unpatched vulnerability can cause a litany of security problems. Despite this pressing need, the average time to apply a patch for a known vulnerability is 67 days.
The reason tends to be a lack of resources, tools, and time within the company. Another problem we often come across is that organizations have trouble prioritizing which patches should be applied first.
To address these problems, Panda Security offers a solution designed specifically to identify, manage, and install patches. Panda Patch Management automatically searches for the patches needed to keep your company's computers safe, prioritizes the most urgent updates, and schedules their installation. It also reports pending patches, including on computers where exploits or malicious programs have been detected.
Panda Patch Management can launch the installation of these patches and updates immediately, or they can be scheduled from the console, isolating the computer if need be. This way, you can manage patches and updates to ensure that your company always runs smoothly, and complete your protection system to shield your assets. Find out more about Panda Patch Management here.
UPDATE NOW
The critical security vulnerability discovered by the NSA already has a patch to fix it: UPDATE NOW!
As always, our recommendation is to update and patch systems without delay.
Don’t wait, and apply the patch now, which can be downloaded from the Microsoft website:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601
Keep an eye out as we update this post with more information.
Our customers are always protected
The 100% Attestation Service is not fooled by this attack and acts as a virtual patch against the vulnerability, because it validates the behavior of applications rather than relying on their signature alone. If an application demonstrates anomalous or malicious behavior, it is classified as malware even if it is signed by a trusted entity. This technology was developed by Panda Security and is natively included in Panda Adaptive Defense.
Our exclusive 100% classification service for applications monitors all endpoint activity, ensures the trustworthiness of every running process, and stops malicious applications and processes from executing.
Make sure your company automatically adapts to the evolution of attacks, and enjoy the highest levels of prevention, detection, and response for all kinds of malware.