Vulnerability Affecting Windows Server: Action Required

15th January, 2020 by

The National Security Agency (NSA) recently released a critical vulnerability alert affecting all Windows 10 and Windows Server 2016/2019 users and administrators. The alert notifies that any systems utilizing the affected operating systems need to be patched immediately.  

 

Microsoft Windows Server 2016/2019 – Critical patch required 

A critical vulnerability affecting Microsoft Windows and Microsoft Windows 2016/2019 (CVE-2020-0601) corrupts cryptographic functionality. An attacker can exploit the vulnerability to create falsified trust in Windows verification. Through the vulnerability, attackers can enable remote code execution and defeat trusted network connections like TSL and SSL encryption. Executable code can then be delivered as a trusted entity.  

 

All Windows systems are at risk and need to be patched immediately 

An example of this attack would include an attacker posing as a trusted source through the critical vulnerability to inject data input into a file to execute it through the code’s parser. The system would not be notified of the intrusion through typical encryption methods and would believe the injection to be authentic.  

The alert from the NSA states that the vulnerability affects the following validations of trust:  

  • HTTPS connections 
  • Signed files and emails 
  • Signed executable code launched as user-mode processes 

According to Engadget, “An exploit in that area could affect authentication on Windows desktops and servers, sensitive data on Microsoft’s Internet Explorer and Edge browsers and many third-party applications.” The vulnerability can be utilized by attackers to spoof legitimate digital signatures and install malware. 

The NSA report states, “The consequences of not patching the vulnerability are severe and widespread. Remote exploitation tools will likely be made quickly and widely available. Rapid adoption of the patch is the only known mitigation at this time and should be the primary focus for all network owners.” 

 

Mitigating the vulnerability 

If your systems run a version of the affected Windows systems, it is crucial that you install the patch as soon as possible. The NSA recommends that “system owners prioritize patching endpoints that provide essential or broadly replied-upon services.” 

Affected endpoints include: 

  • Web servers 
  • Proxies that perform TLS validation 
  • DNS servers 
  • Domain controllers 
  • VPN servers 
  • IPSec negotiation 
  • Windows-based web appliances.   

See a full description of the Windows 10 and Windows Server 2016/2019 critical vulnerability on NIST’s National Vulnerability Database 

If you have any questions about this update or any other issue regarding your 100TB hosting account, please contact our technical support team. They are available 24×7 to answer any questions you may have.  

The recently updated Windows system notice can be seen below.  

 

____________________________________________________________________________________ 

CVE-2020-0601 | Windows CryptoAPI Spoofing Vulnerability 

Security Vulnerability 

Published: 01/14/2020 | Last Updated : 01/14/2020
MITRE CVE-2020-0601 

A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. 

An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider. 

A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software. 

The security update addresses the vulnerability by ensuring that Windows CryptoAPI completely validates ECC certificates.