+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

Microsoft’s critical vulnerability could affect millions of Windows users around the world

Jan 14, 2020, 14:50 IST
Business Insider India
Unsplash
  • A critical vulnerability could affect millions of Windows users around the world.
  • Microsoft reportedly rolled out the security patch to the US military and other high-value organisations.
  • The security fix will be rolled out as part of Microsoft’s monthly Patch Tuesday update.
Advertisement
Microsoft’s first major update of 2020 will try to fix a critical vulnerability that could potentially undermine Windows encryption completely. The security fix will be rolled out as part of its monthly Patch Tuesday rollout.

According to a security researcher Brian Krebs, the update will fix an “extraordinarily serious security vulnerability”. This gains importance especially since Windows 7 reaches the end of its life today, January 14. Microsoft has ended support for Windows XP and Windows Vista already.

Despite this, the Redmond-based tech giant is expected to roll out this critical security patch to all versions of Windows.

Microsoft reportedly shipped this security patch to the US military and other high-value organisations that manage key internet infrastructure. Krebs also claims that Microsoft has signed agreements with these organisations that prevent them from disclosing information about this vulnerability.

What is this critical vulnerability?

The issue at hand affects ‘crypto32.dll’, which is one of the core components of the Windows operating system. This component is used by the Windows Crypto API that lets developers offer encryption in their Windows software.
Advertisement


According to Krebs, the flaw could be exploited by hackers to install malware on your computer by spoofing Windows software’s digital signature. In other words, you could end up installing malware on your computer and Windows would not even be able to detect it.

Why is this so important?

Will Dormann, a vulnerability analyst at the CERT Coordination Center, has tweeted that “people should pay very close attention” to installing today’s Patch Tuesday updates.

Coincidentally, the NSA is also scheduled to host a conference call to talk about a “current cybersecurity issue”.

This, combined with the fact that Microsoft is preventing organisations from disclosing the flaw, suggests that it is extremely critical. Since the majority of the world uses Windows, this has the potential to impact millions of computers at the very least.

Advertisement
On that note, we advise you to always keep your computers and smartphones up to date.

See also:

Microsoft ends free Windows 7 security updates on Tuesday

Microsoft contractors in China listened to Skype recordings with woefully bad levels of cybersecurity, report reveals

Vladimir Putin reportedly runs an outdated version of Windows on his computer that is vulnerable to hacking
You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article