This vulnerability will affect all the version of Windows past decades, 20 years.
Microsoft will soon release a patch on 14 Jan 2020 for this extremely dangerous vulnerability in a Windows module called crypt32.dll. This crypt32.dll is responsible for certificates and it is also responsible for exchange of encrypted messages in the Windows Crypto API. This API helps developers encryption and decryption of data using digital certificates. This flaw can be misused by malware writer and even ransomware writer in spoofing digital certificates and the malware will appear as a benign program.
According to KrebsOnSecurity portal, Microsoft has already shared the patch with the defense organizations and the country wide critical infrastructures. According to International Institute of Cyber Security, this vulnerability poses a serious threat on the important Windows functions:
- Windows Authentication on desktop and servers
- Confidential data retained by Microsoft Internet Explorer and Edge browsers
- and third-party applications.
This vulnerability is present in Windows from decades, starting Windows NT. Microsoft will release a patch on Tuesday and possibly some more information regarding the vulnerability.
Cyber Security Researcher. Information security specialist, currently working as risk infrastructure specialist & investigator. He is a cyber-security researcher with over 25 years of experience. He has served with the Intelligence Agency as a Senior Intelligence Officer. He has also worked with Google and Citrix in development of cyber security solutions. He has aided the government and many federal agencies in thwarting many cyber crimes. He has been writing for us in his free time since last 5 years.
