Notebookcheck Logo

The NSA reports "extraordinarily serious" Windows flaw to Microsoft: The US military's already received an update

The vulnerability could impact every Windows system released in the past 20 years (Image source: Microsoft)
The vulnerability could impact every Windows system released in the past 20 years (Image source: Microsoft)
Sources told Krebs on Security that Microsoft is working to patch an "extraordinarily serious" vulnerability, potentially affecting every Windows system released in the last 20 years.

January 14th was supposed to be Windows 7's last day. However, what was described as an “extraordinarily serious” flaw in all Windows systems over the past 20 years might force Microsoft to release one last patch for the ageing OS.

Sources close to KrebsOnSecurity claim that Microsoft is set to roll out a patch for a major Windows security vulnerability this week. The update already appears to have reached the US military, as well as “high-value customers.” What’s surprising, though, is who identified the security flaw. Anne Neuberger, the NSA’s Director of Cybersecurity, stated that the agency reported the vulnerability and reported it to Microsoft, the first time the agency has done so (at least on record).

The update is said to rectify critical issues with a Windows component called crypt32.dll. This component allows developers to implement data encryption and decryption functionality through digital certificates. Especially concerning is the possibility that a crypt32.dll flaw could be used to spoof digital signatures. If this turns out to be the case, threat actors could create and distribute malware that appears to be legitimately signed.  

Crypt32.dll was introduced to Windows over two decades ago. This means that a whole range of Windows versions, right down to Windows XP, may be affected. Microsoft has so far refused to discuss details about the issue. We’ll update you as soon as we hear more from them.

Read all 2 comments / answer
static version load dynamic
Loading Comments
Comment on this article
Please share our article, every link counts!
> Expert Reviews and News on Laptops, Smartphones and Tech Innovations > News > News Archive > Newsarchive 2020 01 > The NSA reports "extraordinarily serious" Windows flaw to Microsoft: The US military's already received an update
Arjun Krishna Lal, 2020-01-14 (Update: 2020-01-14)