Microsoft’s critical vulnerability could affect millions of Windows users around the world

• A critical vulnerability could affect millions of Windows users around the world.
• Microsoft reportedly rolled out the security patch to the US military and other high-value organisations.
• The security fix will be rolled out as part of Microsoft’s monthly Patch Tuesday update.

Microsoft’s first major update of 2020 will try to fix a critical vulnerability that could potentially undermine Windows encryption completely. The security fix will be rolled out as part of its monthly Patch Tuesday rollout.

According to a security researcher Brian Krebs, the update will fix an “extraordinarily serious security vulnerability”. This gains importance especially since Windows 7 reaches the end of its life today, January 14. Microsoft has ended support for Windows XP and Windows Vista already.

Despite this, the Redmond-based tech giant is expected to roll out this critical security patch to all versions of Windows.

Microsoft reportedly shipped this security patch to the US military and other high-value organisations that manage key internet infrastructure. Krebs also claims that Microsoft has signed agreements with these organisations that prevent them from disclosing information about this vulnerability.

What is this critical vulnerability?

The issue at hand affects ‘crypto32.dll’, which is one of the core components of the Windows operating system. This component is used by the Windows Crypto API that lets developers offer encryption in their Windows software.

According to Krebs, the flaw could be exploited by hackers to install malware on your computer by spoofing Windows software’s digital signature. In other words, you could end up installing malware on your computer and Windows would not even be able to detect it.

Why is this so important?

Will Dormann, a vulnerability analyst at the CERT Coordination Center, has tweeted that “people should pay very close attention” to installing today’s Patch Tuesday updates.

Coincidentally, the NSA is also scheduled to host a conference call to talk about a “current cybersecurity issue”.

This, combined with the fact that Microsoft is preventing organisations from disclosing the flaw, suggests that it is extremely critical. Since the majority of the world uses Windows, this has the potential to impact millions of computers at the very least.

On that note, we advise you to always keep your computers and smartphones up to date.

See also:

Microsoft ends free Windows 7 security updates on Tuesday

Microsoft contractors in China listened to Skype recordings with woefully bad levels of cybersecurity, report reveals

Vladimir Putin reportedly runs an outdated version of Windows on his computer that is vulnerable to hacking