Microsoft is expected to release a major software update on Tuesday, January 14 that will fix an “extraordinarily serious security vulnerability” affecting a core cryptographic component found in all versions of Windows. This will be Microsoft’s first Patch Tuesday release of 2020.
January 14 is also the day that Microsoft will end support for Windows 7.
As reported by KrebsOnSecurity, Microsoft has already released a patch fixing the flaw to the US military and other important, high-profile clients. These clients have been asked to sign agreements that prevent them from revealing details of the flaw on or before January 14, 2020.
The flaw is in the crypt32.dll system file, which handles “certificate and cryptographic messaging functions in CryptoAPI”. Microsoft CryptoAPI, in turn, is used to secure applications with cryptography and to encrypt and decrypt data using digital certificates. Key Microsoft applications such as Internet Explorer and Edge rely on this component to handle confidential data securely.
A bug in crypt32.dll could be used to forge digital signatures, which attackers could use to make malware look like a safe and genuine application on your PC.
The report also states that the NSA Director of Cybersecurity, Anne Neuberger, will hold a press conference on January 14 where “it will provide advance notification of a current cybersecurity problem.”
Microsoft, for its part, has already issued a statement saying it does not discuss any vulnerability before releasing a fix for it. It also made clear that it will not release production-ready updates before its regular Tuesday update schedule.