Guru3D.com
  • HOME
  • NEWS
    • Channels
    • Archive
  • DOWNLOADS
    • New Downloads
    • Categories
    • Archive
  • GAME REVIEWS
  • ARTICLES
    • Rig of the Month
    • Join ROTM
    • PC Buyers Guide
    • Guru3D VGA Charts
    • Editorials
    • Dated content
  • HARDWARE REVIEWS
    • Videocards
    • Processors
    • Audio
    • Motherboards
    • Memory and Flash
    • SSD Storage
    • Chassis
    • Media Players
    • Power Supply
    • Laptop and Mobile
    • Smartphone
    • Networking
    • Keyboard Mouse
    • Cooling
    • Search articles
    • Knowledgebase
    • More Categories
  • FORUMS
  • NEWSLETTER
  • CONTACT

New Reviews
Corsair H170i Elite Capellix XT review
Forspoken: PC performance graphics benchmarks
ASRock Z790 Taichi review
The Callisto Protocol: PC graphics benchmarks
G.Skill TridentZ 5 RGB 6800 MHz CL34 DDR5 review
Be Quiet! Dark Power 13 - 1000W PSU Review
Palit GeForce RTX 4080 GamingPRO OC review
Core i9 13900K DDR5 7200 MHz (+memory scaling) review
Seasonic Prime Titanium TX-1300 (1300W PSU) review
F1 2022: PC graphics performance benchmark review

New Downloads
FurMark Download v1.33.0.0
Intel ARC graphics Driver Download Version: 31.0.101.4091
Corsair Utility Engine Download (iCUE) Download v4.33.138
CPU-Z download v2.04
AMD Radeon Software Adrenalin 23.1.2 (RX 7900) download
GeForce 528.24 WHQL driver download
Display Driver Uninstaller Download version 18.0.6.0
Download Intel network driver package 27.8
ReShade download v5.6.0
Media Player Classic - Home Cinema v2.0.0 Download


New Forum Topics
X570 PCH Fan problems (?) Extreme 4-Way Sli Tuning Amernime Zone AMD Software: Adrenalin / Pro Driver - Release Discovery 22.12.2 WHQL AMD Radeon Software Customize Setup - Radeon Setup Tool RTX 4090 Owner's thread AMD Software: Adrenalin Edition 23.1.2 for AMD Radeon™ RX 7900 Series AMD Announces Pricing and Availability for Ryzen 7000X3D Series Processors Philips 27-inch 4K OLED Gaming Monitor DisplayHDR TrueBlack 400 (27E1N8900/27) Microsoft Now Is Proactively Informing Windows 10 users to update to Windows 11 Info Zone - gEngines, Ray Tracing, DLSS, DLAA, TSR, FSR, XeSS, DLDSR etc.




Guru3D.com » News » Rumor: Microsoft might share information on extremely critical vulnerability later today

Rumor: Microsoft might share information on extremely critical vulnerability later today

by Hilbert Hagedoorn on: 01/14/2020 03:53 PM | source: Krebsonsecurity via hardware.info | 22 comment(s)
Rumor: Microsoft might share information on extremely critical vulnerability later today

It's tagged as a rumor, but you can rest assured it'll become a fact. Keep an eye out on your Tuesday patches, and apply them. According to Krebs On Security, Microsoft is about to release info on an extremely critical vulnerability in Windows. 

Rumors are indicative that the issue is to be found in a cryptographic component, which is present in all Windows versions. A patch would be released starting today, Tuesday. Not much is known about the alleged vulnerability, except that it would be the CryptoAPI.

- Krebs - 

Sources tell KrebsOnSecurity that Microsoft Corp. is slated to release a software update on Tuesday to fix an extraordinarily serious security vulnerability in a core cryptographic component present in all versions of Windows. Those sources say Microsoft has quietly shipped a patch for the bug to branches of the U.S. military and to other high-value customers/targets that manage key Internet infrastructure, and that those organizations have been asked to sign agreements preventing them from disclosing details of the flaw prior to Jan. 14, the first Patch Tuesday of 2020.

 

 

According to sources, the vulnerability in question resides in a Windows component known as crypt32.dll, a Windows module that Microsoft says handles “certificate and cryptographic messaging functions in the CryptoAPI.” The Microsoft CryptoAPI provides services that enable developers to secure Windows-based applications using cryptography, and includes functionality for encrypting and decrypting data using digital certificates.

A critical vulnerability in this Windows component could have wide-ranging security implications for a number of important Windows functions, including authentication on Windows desktops and servers, the protection of sensitive data handled by Microsoft’s Internet Explorer/Edge browsers, as well as a number of third-party applications and tools.

Equally concerning, a flaw in crypt32.dll might also be abused to spoof the digital signature tied to a specific piece of software. Such a weakness could be exploited by attackers to make malware appear to be a benign program that was produced and signed by a legitimate software company. This component was introduced into Windows more than 20 years ago — back in Windows NT 4.0. Consequently, all versions of Windows are likely affected (including Windows XP, which is no longer being supported with patches from Microsoft).

Microsoft responded, saying that it does not discuss the details of reported vulnerabilities before an update is available. And that is the good news, a patch will be in place real soon.

Source: Krebs On Security via HWI



Rumor: Microsoft might share information on extremely critical vulnerability later today




« 31.5-inch Lenovo G32qc Gaming Monitor · Rumor: Microsoft might share information on extremely critical vulnerability later today · Review: Team Group MP33 NVMe 512 GB SSD »

5 pages 1 2 3 4 5


Evildead666
Senior Member



Posts: 1309
Joined: 2003-09-14

#5750604 Posted on: 01/14/2020 03:57 PM
Could it have something to do with Windows 7 ?

now its officially EOL, maybe they'll admit there's a huge gaping hole, that they won't be closing, or can't close.....

Hilbert Hagedoorn
Don Vito Corleone



Posts: 45550
Joined: 2000-02-22

#5750605 Posted on: 01/14/2020 04:02 PM
Nah, it coincides with patch Tuesday and the EOL of Windows 7 was already planned years ago. If it is as bad as this sounds, then MS will certainly push another patch update for W7.

asturur
Senior Member



Posts: 1305
Joined: 2010-05-12

#5750606 Posted on: 01/14/2020 04:06 PM
Also because if is really 20 years old hole... They do not want to be responsible for open doors in a still large population of computers.

schmidtbag
Senior Member



Posts: 7163
Joined: 2012-11-10

#5750610 Posted on: 01/14/2020 04:14 PM
@Will Dormann
I get the impression that MS developers should pay closer attention to how they implement security. I don't know... just call it the bare minimum?

geogan
Senior Member



Posts: 1126
Joined: 2010-01-04

#5750612 Posted on: 01/14/2020 04:29 PM
Could it have something to do with Windows 7 ?

now its officially EOL, maybe they'll admit there's a huge gaping hole, that they won't be closing, or can't close.....

Can't close?? It's a single DLL file. All you would have to do is copy over the newer patched file version surely? (Unless the OS won't allow computer admin to overwrite that file)

5 pages 1 2 3 4 5


Post New Comment
Click here to post a comment for this news story on the message forum.


Guru3D.com © 2023