Guru3D.com
  • HOME
  • NEWS
    • Channels
    • Archive
  • DOWNLOADS
    • New Downloads
    • Categories
    • Archive
  • GAME REVIEWS
  • ARTICLES
    • Rig of the Month
    • Join ROTM
    • PC Buyers Guide
    • Guru3D VGA Charts
    • Editorials
    • Dated content
  • HARDWARE REVIEWS
    • Videocards
    • Processors
    • Audio
    • Motherboards
    • Memory and Flash
    • SSD Storage
    • Chassis
    • Media Players
    • Power Supply
    • Laptop and Mobile
    • Smartphone
    • Networking
    • Keyboard Mouse
    • Cooling
    • Search articles
    • Knowledgebase
    • More Categories
  • FORUMS
  • NEWSLETTER
  • CONTACT

New Reviews
FSP Dagger Pro (850W PSU) review
Razer Leviathan V2 gaming soundbar review
Guru3D NVMe Thermal Test - the heatsink vs. performance
EnGenius ECW220S 2x2 Cloud Access Point review
Alphacool Eisbaer Aurora HPE 360 LCS cooler review
Noctua NH-D12L CPU Cooler Review
Silicon Power XPOWER XS70 1TB NVMe SSD Review
Hyte Y60 chassis review
ASUS ROG Thor 1000W Platinum II (1000W PSU) review
ASUS ROG Rapture GT-AXE11000 WIFI6E router review

New Downloads
GeForce 516.59 WHQL driver download
Media Player Classic - Home Cinema v1.9.22 Download
AMD Chipset Drivers Download v4.06.10.651
CrystalDiskInfo 8.17 Download
AMD Radeon Software Adrenalin 22.6.1 Windows 7 driver download
ReShade download v5.2.2
HWiNFO Download v7.26
7-Zip v22.00 Download
GeForce 516.40 WHQL driver download
Intel ARC graphics Driver Download Version: 30.0.101.1736


New Forum Topics
GeForce 516.59 WHQL driver download Dell has made a small and light 6-in-1 USB-C Multiport Adapter that can pass through 90W. Windows 11 will now tell whether your computer is DirectStorage capable. Review: FSP Dagger Pro (850W PSU) Lenovo's ThinkEdge SE70 edge terminal has a Jetson Xavier NX in a 1.6-liter case NVIDIA GeForce 516.59 WHQL driver download & Discussion Story details, release year, and a new map for GTA 6 [3rd-Party Driver] Amernime Zone Radeon Insight 22.5.1 WHQL Driver Pack (Released) AMD Radeon Software Adrenalin 22.5.2 driver download and discussion AMD Radeon Software - UWP




Guru3D.com » News » Rumor: Microsoft might share information on extremely critical vulnerability later today

Rumor: Microsoft might share information on extremely critical vulnerability later today

by Hilbert Hagedoorn on: 01/14/2020 03:53 PM | source: Krebsonsecurity via hardware.info | 22 comment(s)
Rumor: Microsoft might share information on extremely critical vulnerability later today

It's tagged as a rumor, but you can rest assured it'll become a fact. Keep an eye out on your Tuesday patches, and apply them. According to Krebs On Security, Microsoft is about to release info on an extremely critical vulnerability in Windows. 

Rumors are indicative that the issue is to be found in a cryptographic component, which is present in all Windows versions. A patch would be released starting today, Tuesday. Not much is known about the alleged vulnerability, except that it would be the CryptoAPI.

- Krebs - 

Sources tell KrebsOnSecurity that Microsoft Corp. is slated to release a software update on Tuesday to fix an extraordinarily serious security vulnerability in a core cryptographic component present in all versions of Windows. Those sources say Microsoft has quietly shipped a patch for the bug to branches of the U.S. military and to other high-value customers/targets that manage key Internet infrastructure, and that those organizations have been asked to sign agreements preventing them from disclosing details of the flaw prior to Jan. 14, the first Patch Tuesday of 2020.

 

 

According to sources, the vulnerability in question resides in a Windows component known as crypt32.dll, a Windows module that Microsoft says handles “certificate and cryptographic messaging functions in the CryptoAPI.” The Microsoft CryptoAPI provides services that enable developers to secure Windows-based applications using cryptography, and includes functionality for encrypting and decrypting data using digital certificates.

A critical vulnerability in this Windows component could have wide-ranging security implications for a number of important Windows functions, including authentication on Windows desktops and servers, the protection of sensitive data handled by Microsoft’s Internet Explorer/Edge browsers, as well as a number of third-party applications and tools.

Equally concerning, a flaw in crypt32.dll might also be abused to spoof the digital signature tied to a specific piece of software. Such a weakness could be exploited by attackers to make malware appear to be a benign program that was produced and signed by a legitimate software company. This component was introduced into Windows more than 20 years ago — back in Windows NT 4.0. Consequently, all versions of Windows are likely affected (including Windows XP, which is no longer being supported with patches from Microsoft).

Microsoft responded, saying that it does not discuss the details of reported vulnerabilities before an update is available. And that is the good news, a patch will be in place real soon.

Source: Krebs On Security via HWI



Rumor: Microsoft might share information on extremely critical vulnerability later today




« 31.5-inch Lenovo G32qc Gaming Monitor · Rumor: Microsoft might share information on extremely critical vulnerability later today · Review: Team Group MP33 NVMe 512 GB SSD »

5 pages 1 2 3 4 5


Evildead666
Senior Member



Posts: 1309
Joined: 2003-09-14

#5750604 Posted on: 01/14/2020 03:57 PM
Could it have something to do with Windows 7 ?

now its officially EOL, maybe they'll admit there's a huge gaping hole, that they won't be closing, or can't close.....

Hilbert Hagedoorn
Don Vito Corleone



Posts: 44042
Joined: 2000-02-22

#5750605 Posted on: 01/14/2020 04:02 PM
Nah, it coincides with patch Tuesday and the EOL of Windows 7 was already planned years ago. If it is as bad as this sounds, then MS will certainly push another patch update for W7.

asturur
Senior Member



Posts: 1211
Joined: 2010-05-12

#5750606 Posted on: 01/14/2020 04:06 PM
Also because if is really 20 years old hole... They do not want to be responsible for open doors in a still large population of computers.

schmidtbag
Senior Member



Posts: 6561
Joined: 2012-11-10

#5750610 Posted on: 01/14/2020 04:14 PM
@Will Dormann
I get the impression that MS developers should pay closer attention to how they implement security. I don't know... just call it the bare minimum?

geogan
Senior Member



Posts: 952
Joined: 2010-01-04

#5750612 Posted on: 01/14/2020 04:29 PM
Could it have something to do with Windows 7 ?

now its officially EOL, maybe they'll admit there's a huge gaping hole, that they won't be closing, or can't close.....

Can't close?? It's a single DLL file. All you would have to do is copy over the newer patched file version surely? (Unless the OS won't allow computer admin to overwrite that file)

5 pages 1 2 3 4 5


Post New Comment
Click here to post a comment for this news story on the message forum.


Guru3D.com © 2022