Today is Patch Tuesday, and KrebsOnSecurity reports that Microsoft may be preparing to patch a very serious cryptographic flaw in Windows that could leave installations vulnerable to malware impersonating trusted components.
Sources say Microsoft will correct an extraordinarily terrifying flaw on all versions of Windows on Tuesday, in a central cryptographic component that could be abused to falsify the source of digitally signed software. Apparently, DoD and some others got an advanced patch https://t.co/V6PByhjTNR
– briankrebs (@briankrebs) January 13, 2020
Reportedly, the flaw in the crypt32.dll Windows component is so serious that Microsoft sent a patch to government security services in advance, with KrebsOnSecurity saying:
The sources tell KrebsOnSecurity that Microsoft Corp. is scheduled to launch a software update on Tuesday to correct an extraordinarily serious security vulnerability in a central cryptographic component present in all versions of Windows. Those sources say that Microsoft has quietly sent a patch for the error to the branches of the US military and to other high-value clients / objectives that manage the key Internet infrastructure, and that these organizations have been asked to sign agreements that prevent them from revealing details of the failure before January 14, the first Patch Tuesday of 2020.
However, in a later statement, Microsoft denied this. A more serious problem is that the component is present in all versions of Windows dating back to Windows NT, and that Windows 7 installations without extended service contracts are not expected to be repaired today.
PCWorld speculates that this would be the perfect opportunity to push Windows 7 users to finally upgrade, although with such a serious vulnerability, Microsoft will probably still deliver a patch, as they have done for Windows XP.
However, this will not always be the case, which suggests that, for regular users, time should really be up for Windows 7.