NSA Windows Advisory: Details and How To Mitigate the Risk
The NSA has discovered a critical vulnerability affecting Microsoft Windows functionality. Read on to learn about the risk and how to mitigate it.
We have an important risk notification to share with you:
The U.S. National Security Agency (NSA) has released a report (linked below) regarding a critical vulnerability in all Microsoft Windows operating systems, specifically affecting Microsoft Windows cryptographic functionality. The vulnerability allows an attacker to undermine how Windows verifies cryptographic trust and can enable remote code execution, essentially allowing attackers to defeat trusted network connections and deliver executable code while appearing as trusted entities. The vulnerability affects Windows 10 and Windows Server 2016/2019, as well as applications that rely on Windows for trust functionality. Examples where validation of trust may be impacted include HTTPS connections, signed files and emails, and signed executable code launched as user-mode processes.
The vulnerability places Windows endpoints at risk from a broad range of exploitation opportunities, and the NSA assesses the vulnerability to be severe, with serious potential consequences if it is not patched. Remote exploitation tools will likely be made quickly and widely available.
What the NSA recommends: Rapid adoption of the patch is the only known mitigation at this time and should be the primary focus for all network owners. Network devices and endpoint logging features may prevent or detect some methods of exploitation, but installing all patches is the most effective mitigation.
This means that patch management should be on the top of your priority list!
NSA recommends installing all January 2020 Patch Tuesday patches as soon as possible to effectively mitigate the vulnerability on all Windows 10 and Windows Server 2016/2019 systems. In the event that enterprise-wide, automated patching is not possible, NSA recommends system owners prioritize patching endpoints that provide essential or broadly relied-upon services. Examples include:
- Windows-based web appliances, web servers, or proxies that perform TLS validation.
- Endpoints that host critical infrastructure (e.g. domain controllers, DNS servers, update servers, VPN servers, IPSec negotiation).
Prioritization should also be given to endpoints that have a high risk of exploitation. Examples include:
- Endpoints directly exposed to the internet.
- Endpoints regularly used by privileged users.
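To turn the prioritization criteria above into a quick per-host triage, here is an added PowerShell script (example code written for this post, not part of the NSA report or of Central). It assumes the standard Windows service names for the roles the advisory singles out (W3SVC for IIS, DNS, NTDS for a domain controller, RemoteAccess for RRAS/VPN), approximates "patched" by whether any hotfix was installed on or after 14 January 2020 (the January 2020 Patch Tuesday), and leaves internet exposure and privileged-user use as values you set from your own inventory.

```powershell
# Added example: rate the local host against the advisory's patch-prioritization criteria.
# Not from the NSA report or this vendor's product; verify the exact cumulative-update KB
# for your build against Microsoft's update catalogue before trusting the date heuristic.

$os      = Get-CimInstance Win32_OperatingSystem
$inScope = $os.Caption -match 'Windows 10|Windows Server 2016|Windows Server 2019'

# Assumed from your asset inventory; the script cannot determine these locally.
$InternetExposed  = $false
$PrivilegedUsers  = $false

# Roles the advisory says to patch first, keyed by their usual Windows service name.
$priorityRoles = @{
    'W3SVC'        = 'Web server / proxy performing TLS validation'
    'DNS'          = 'DNS server'
    'NTDS'         = 'Domain controller'
    'RemoteAccess' = 'VPN / RRAS server'
}
$foundRoles = foreach ($name in $priorityRoles.Keys) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($svc -and $svc.Status -eq 'Running') { $priorityRoles[$name] }
}

# Heuristic patch check: newest recorded hotfix install date vs. January 2020 Patch Tuesday.
$patchTuesday  = Get-Date '2020-01-14'
$latest        = Get-HotFix | Where-Object { $_.InstalledOn } |
                 Sort-Object InstalledOn -Descending | Select-Object -First 1
$likelyPatched = [bool]($latest -and $latest.InstalledOn -ge $patchTuesday)

$highRisk = ($foundRoles -ne $null) -or $InternetExposed -or $PrivilegedUsers

[PSCustomObject]@{
    Host          = $env:COMPUTERNAME
    OS            = $os.Caption
    Build         = $os.BuildNumber
    InScope       = $inScope
    PriorityRoles = ($foundRoles -join '; ')
    LatestHotfix  = if ($latest) { "$($latest.HotFixID) ($($latest.InstalledOn.ToShortDateString()))" }
                    else { 'none recorded' }
    LikelyPatched = $likelyPatched
    Priority      = if ($inScope -and -not $likelyPatched -and $highRisk) { 'HIGH' }
                    elseif ($inScope -and -not $likelyPatched) { 'MEDIUM' }
                    else { 'LOW' }
}
```

Run it through your remoting tool of choice (for example Invoke-Command against a list of hosts) and sort the resulting objects by Priority to get a patch order that matches the advisory's guidance.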
Take a look at the risk in detail through the NSA’s Cybersecurity Site here: https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF
Stay safe out there, and make sure you are using Central to proactively stay on top of your patch management moving forward.