KrebsOnSecurity has reported that Microsoft plans to kick off Patch Tuesday by delivering a fix for a substantial cryptographic flaw present in all versions of Windows. Krebs believes the flaw lies within the crypt32.dll file; if left unpatched, it could leave installations vulnerable to malware that poses as a trusted component by carrying fake digital signatures that appear to be valid. It's reported that Microsoft discreetly shipped a patch to certain military and other high-profile organizations, which were required to sign an agreement not to reveal details before today. Microsoft has since denied this claim but did agree that the flaw is present and will be patched.