KrebsonSecurity has reported that Microsoft plans to kick off patch Tuesday by delivering a fix for a substantial cryptographic flaw present in all versions of Windows. Krebs believes the flaw lies within the crypt32.dll file, and if unpatched it could leave installations vulnerable to malware spoofing as trusted components with fake digital signatures that appear to be valid. It’s reported that Microsoft discretely shipped a patch to certain military and other high-profile organizations which were required to sign an agreement stating those who received the patch would not reveal details before today. Microsoft has since denied this claim but did agree that the flaw is present and will be patched.
Analyst Notes
If customers use a Windows product or operating system that is listed in any of the patches they should download them immediately. If there are questions or concerns, users can attempt to contact Microsoft directly or seek help from another security professional regarding the vulnerabilities and patches and how they may be affected by them. The day after patch Tuesday is always a big day for cybercriminals to attempt to exploit vulnerabilities which is why it is imperative to implement these patches immediately.
Source: https://krebsonsecurity.com/2020/01/cryptic-rumblings-ahead-of-first-2020-patch-tuesday/
