Critical Flaw in the Cryptographic Library for Windows
On January 14, 2020, the NSA issued a Cybersecurity Advisory highlighting a vulnerability in Microsoft Windows 10 and Windows Server 2016/2019 (CVE-2020-0601). At issue is a critical cryptographic vulnerability on Windows devices whereby attackers could spoof a valid X.509 certificate chain on a vulnerable Windows system. Exploiting this vulnerability could, for example, allow an attacker to sign a malicious executable so that the file appears to come from a trusted, legitimate source. Additionally, an attacker in a Man-In-The-Middle position could use this vulnerability to intercept and alter encrypted HTTPS traffic by spoofing the digital signature presented in the established TLS connection.
The vulnerability affects Windows 10 and Windows Server 2016/2019 as well as applications that rely on Windows for trust functionality. Exploitation of the vulnerability could allow attackers to defeat trusted network connections and deliver executable code while appearing as legitimately trusted entities. This could possibly affect:
The only known mitigation is to apply Microsoft’s January 2020 Patch Tuesday update; the NSA recommends applying it as quickly as possible. Patches can be found here.
Patching Windows machines is an extensive effort that takes time and resources under normal circumstances. While this alert drives the urgency and need for an immediate response, many Windows 10 devices have restrictions on updates and patching that further delay mitigation efforts: for example, devices that must be re-certified after every update, such as medical devices or clinical research devices. This also includes OT devices on production lines or in utilities running the affected versions of Windows.
As an agentless and passive device security platform, Armis is able to do the following: