Microsoft Rushes to Patch a Huge Exploit affecting US Military PCs

by Vlad Turiceanu
Vlad Turiceanu
Vlad Turiceanu
Editor-in-Chief
Passionate about technology, Windows, and everything that has a power button, he spent most of his time developing new skills and learning more about the tech world. Coming... read more
Affiliate Disclosure
Windows vulnerability fixed ahead of Patch Tuesday

XINSTALL BY CLICKING THE DOWNLOAD FILE
To fix various PC problems, we recommend Restoro PC Repair Tool:
This software will repair common computer errors, protect you from file loss, malware, hardware failure and optimize your PC for maximum performance. Fix PC issues and remove viruses now in 3 easy steps:

  1. Download Restoro PC Repair Tool that comes with Patented Technologies (patent available here).
  2. Click Start Scan to find Windows issues that could be causing PC problems.
  3. Click Repair All to fix issues affecting your computer's security and performance
  • Restoro has been downloaded by 0 readers this month.

The first Patch Tuesday of 2020 is right around the corner, and is seems that Microsoft is not starting the year very well.

After a very quiet December 2019 Patch Tuesday with little to no changes, the new update is set to address a very important security vulnerability tied to a core cryptographic component found in all versions of Windows.

Microsoft released a security patch prior to Patch Tuesday

The component is called Crypt32.dll and is responsible for the implementations of most Certificate and Cryptographic Messaging functions in the CryptoAPI:

Crypt32.dll is a module that comes with the Windows and Windows Server operating systems, but different versions of this DLL provide different capabilities.

While this may sound a bit to technical, the most important thing you’ll need to know is that the CryptoAPI helps developers to add more security to Windows apps through cryptography. The encryption and decryption of data is done using digital certificates.

To further confirm this security breach, it seems that the big M supposedly released a patch to fix it before the January 14 Patch Tuesday. It was sent to important customers, companies that work with Internet infrastructure, and branches of the U.S. military.

Of course, Microsoft made sure that none of them can disclose the issue before January 14th through non-disclosure agreements. As a response to KrebsonSecurity , the company stated:

Through our Security Update Validation Program (SUVP), we release advance versions of our updates for the purpose of validation and interoperability testing in lab environments. Participants in this program are contractually disallowed from applying the fix to any system outside of this purpose and may not apply it to production infrastructure.

The implications as well as the security risks are huge, considering the fact that the U.S. military and other high-priority targets were the first in line on Microsoft’s list.

Can this vulnerability affect my Windows PC?

Somewhat confirming the vulnerability, Will Dormann, Vulnerability Analyst at the CERT/CC, shared a very interesting tweet:

If you were wondering about first-hand implications, know that the security flaw can affect basic Windows functions, personal data from Internet Explorer/Edge, authentication and login security, and other third-party apps.

This is very concerning, as it can lead to malware attacks and loss of private data.

As a reminder, all Windows versions are affected, including Windows XP and Windows Vista or 7. So prepare yourself for a very bumpy Patch Tuesday and keep an eye on WindowsReport’s January 14 Patch Tuesday articles to find out any new development.

Still having issues? Fix them with this tool:

SPONSORED

If the advices above haven't solved your issue, your PC may experience deeper Windows problems. We recommend downloading this PC Repair tool (rated Great on TrustPilot.com) to easily address them. After installation, simply click the Start Scan button and then press on Repair All.

This article covers:Topics: