Cryptic Rumblings Ahead of First 2020 Patch Tuesday

guest · Jan 13, 2020

Cryptic Rumblings Ahead of First 2020 Patch Tuesday
January 13, 2020
https://krebsonsecurity.com/2020/01/cryptic-rumblings-ahead-of-first-2020-patch-tuesday/

Sources tell KrebsOnSecurity that Microsoft Corp. is slated to release a software update on Tuesday to fix an extraordinarily serious security vulnerability in a core cryptographic component present in all versions of Windows.

Those sources say Microsoft has quietly shipped a patch for the bug to branches of the U.S. military and to other high-value customers/targets that manage key Internet infrastructure, and that those organizations have been asked to sign agreements preventing them from disclosing details of the flaw prior to Jan. 14, the first Patch Tuesday of 2020.

According to sources, the vulnerability in question resides in a Windows component known as crypt32.dll, a Windows module that Microsoft says handles “certificate and cryptographic messaging functions in the CryptoAPI.”
Equally concerning, a flaw in crypt32.dll might also be abused to spoof the digital signature tied to a specific piece of software.
Click to expand...

Update 7:49 p.m. ET: Microsoft responded, saying that it does not discuss the details of reported vulnerabilities before an update is available. The company also said it does “not release production-ready updates ahead of regular Update Tuesday schedule.
Click to expand...

Original story:
Will Dormann, a security researcher who authors many of the vulnerability reports for the CERT Coordination Center (CERT-CC), tweeted today that “people should perhaps pay very close attention to installing tomorrow’s Microsoft Patch Tuesday updates in a timely manner.

It could be that the timing and topic here (cryptography) is nothing more than a coincidence, but KrebsOnSecurity today received a heads up from the U.S. National Security Agency (NSA) stating that NSA’s Director of Cybersecurity Anne Neuberger is slated to host a call on Jan. 14 with the news media that “will provide advanced notification of a current NSA cybersecurity issue.”
Click to expand...

hawki · Jan 14, 2020

mood said: ↑

Cryptic Rumblings Ahead of First 2020 Patch Tuesday
January 13, 2020
https://krebsonsecurity.com/2020/01/cryptic-rumblings-ahead-of-first-2020-patch-tuesday/
Click to expand...

"NSA found a dangerous Microsoft software flaw and alerted the firm — rather than weaponize it

The National Security Agency recently discovered a major flaw in Microsoft’s Windows operating system [WIN 10] — one that could potentially expose computer users to significant breaches or surveillance, and alerted the firm to the problem rather than turn it into a hacking weapon, according to people familiar with the matter...

The disclosure represents a major shift in the NSA’s approach, choosing to put computer security ahead of building up its arsenal of hacking tools that allow the agency to spy on adversaries’ networks, according to the people familiar with the matter who spoke on condition of anonymity because of the sensitivity of the matter. . Microsoft plans to issue a patch for the flaw on Tuesday...

The discovery has been likened to a slightly less severe version of the Microsoft flaw that the NSA once weaponized by creating a hacking tool dubbed EternalBlue,.."
Click to expand...

https://www.washingtonpost.com/nati...24c926-3679-11ea-bb7b-265f4554af6d_story.html

hawki · Jan 14, 2020

hawki said: ↑

https://www.washingtonpost.com/nati...24c926-3679-11ea-bb7b-265f4554af6d_story.html
Click to expand...

"...Companies like Microsoft and Adobe use digital signatures to stamp software as authentic. This helps to prevent malware infections that might try to disguise themselves as legitimate. The NSA discovered an error in the Microsoft code that verifies those signatures, potentially enabling a hacker to forge the signature and install spyware or ransomware on a computer..."

https://www.washingtonpost.com/nati...24c926-3679-11ea-bb7b-265f4554af6d_story.html

Log in or Sign up

Cryptic Rumblings Ahead of First 2020 Patch Tuesday

guest Guest

hawki Registered Member

hawki Registered Member

Log in or Sign up

Cryptic Rumblings Ahead of First 2020 Patch Tuesday

guest Guest

hawki Registered Member

hawki Registered Member

Useful Searches