NSA and CISA Issue Warnings About New Microsoft Cybersecurity Vulnerabilities

The patches are available from Microsoft, and the NSA and CISA both recommend Windows 10 and Windows Server 2016 users implement the fixes immediately.

The Cybersecurity and Infrastructure Security Agency (CISA) has released an Emergency Directive and Activity Alert addressing critical vulnerabilities affecting Windows CryptoAPI, Windows Remote Desktop Gateway (RD Gateway), and Windows Remote Desktop Client. CISA officials say a remote attacker could exploit these vulnerabilities to decrypt, modify or inject data on user connections.

Although Emergency Directive 20-02 applies only to certain executive branch departments and agencies, CISA strongly recommends state and local governments, the private sector and others also patch these critical vulnerabilities as soon as possible.

The National Security Agency (NSA) notified Microsoft of the vulnerability, and Microsoft released software fixes, which can be found here.

According to the NSA, the certificate validation vulnerability allows an attacker to undermine how Windows verifies cryptographic trust and can enable remote code execution. The vulnerability affects Windows 10 and Windows Server 2016/2019 as well as applications that rely on Windows for trust functionality. Exploitation of the vulnerability allows attackers to defeat trusted network connections and deliver executable code while appearing as legitimately trusted entities. Examples where validation of trust may be impacted include:

  • HTTPS connections
  • Signed files and emails
  • Signed executable code launched as user-mode processes

The vulnerability places Windows endpoints at risk from a broad range of exploitation vectors. NSA assesses the vulnerability to be severe and expects sophisticated cyber actors to understand the underlying flaw very quickly; if exploited, it would leave the platforms listed above fundamentally vulnerable. The consequences of not patching the vulnerability are severe and widespread. Remote exploitation tools will likely be made quickly and widely available. Rapid adoption of the patch is the only known mitigation at this time and should be the primary focus for all network owners.

Both the NSA and CISA recommend that organizations install the patches as soon as possible. In the event that enterprise-wide, automated patching is not possible, NSA recommends system owners prioritize patching endpoints that provide essential or broadly relied-upon services. Examples include:

  • Windows-based web appliances, web servers, or proxies that perform TLS validation.
  • Endpoints that host critical infrastructure (e.g. domain controllers, DNS servers, update servers, VPN servers, IPSec negotiation).

Prioritization should also be given to endpoints that have a high risk of exploitation. Examples include:

  • Endpoints directly exposed to the internet.
  • Endpoints regularly used by privileged users.
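The prioritization criteria above can be turned into a simple host triage. The following PowerShell script is an added example, not code from the article or from the NSA/CISA guidance: it scores the local host by the roles the advisory calls out (domain controller, DNS, web/TLS, VPN, update server), takes the internet-exposure and privileged-user criteria as inventory flags, and checks whether a given update is installed. The service-name-to-role mapping and the scoring weights are this example's assumptions, and the KB identifier is a placeholder because the article does not name one.

```powershell
# Added example: patch-priority triage for the local Windows host.
param(
    [switch]$InternetExposed,        # set from your asset inventory; not inferable locally
    [switch]$PrivilegedUserEndpoint, # e.g. admin workstations, jump hosts
    [string]$PatchKB = 'KB0000000'   # PLACEHOLDER: substitute Microsoft's KB id for the fix
)

$os = Get-CimInstance -ClassName Win32_OperatingSystem
# Platforms the advisory names as affected
$affected = $os.Caption -match 'Windows 10|Windows Server 2016|Windows Server 2019'

$score   = 0
$reasons = New-Object System.Collections.Generic.List[string]

# "Essential or broadly relied-upon services" (advisory examples), detected via running
# services. The service-name -> role mapping is an assumption of this example.
$roleServices = @{
    NTDS         = 'Domain controller'
    DNS          = 'DNS server'
    W3SVC        = 'Web server / proxy performing TLS validation'
    RemoteAccess = 'VPN / Remote Access server'
    WsusService  = 'Update server (WSUS)'
}
foreach ($svc in $roleServices.Keys) {
    $s = Get-Service -Name $svc -ErrorAction SilentlyContinue
    if ($s -and $s.Status -eq 'Running') { $score += 2; $reasons.Add($roleServices[$svc]) }
}

# "High risk of exploitation" criteria supplied as inventory flags
if ($InternetExposed)        { $score += 3; $reasons.Add('Directly exposed to the internet') }
if ($PrivilegedUserEndpoint) { $score += 2; $reasons.Add('Regularly used by privileged users') }

# Get-HotFix lists installed updates by KB id; absent means not yet patched
$patched = [bool](Get-HotFix -Id $PatchKB -ErrorAction SilentlyContinue)

if (-not $affected -or $patched) { $priority = 'None' }
elseif ($score -ge 4)            { $priority = 'Immediate' }
elseif ($score -ge 2)            { $priority = 'High' }
else                             { $priority = 'Standard' }

[pscustomobject]@{
    ComputerName   = $env:COMPUTERNAME
    OS             = $os.Caption
    Affected       = $affected
    PatchInstalled = $patched
    Priority       = $priority
    Reasons        = ($reasons -join '; ')
}
```

Run it under an account that can query services and installed updates; feed the resulting objects from many hosts into a single sorted list to drive the patch order.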

Additional guidance from the NSA can be found here.

The good news with this particular vulnerability is that it appears not to have been exploited yet, reports Fast Company.

About the Author

Robin Hattersley Gray
Robin has been covering the security and campus law enforcement industries since 1998 and is a specialist in school, university and hospital security, public safety and emergency management, as well as emerging technologies and systems integration. She joined CS in 2005 and has authored award-winning editorial on campus law enforcement and security funding, officer recruitment and retention, access control, IP video, network integration, event management, crime trends, the Clery Act, Title IX compliance, sexual assault, dating abuse, emergency communications, incident management software and more. Robin has been featured on national and local media outlets and was formerly associate editor for the trade publication Security Sales & Integration. She obtained her undergraduate degree in history from California State University, Long Beach.
