Big Danger on Windows: This Bug Can Make Servers Vulnerable
Technology
··1 min read

Big Danger on Windows: This Bug Can Make Servers Vulnerable

When it comes to Windows vulnerabilities, CryptoAPI is the most enduring culprit. This interface allows Win32 programs to effectively administer security and cryptography protocols such as validating certificates or verifying identities; however, CryptoAPI can also present serious security risks, enabling identity and certificate spoofing on the Windows platform.

Akamai Security analysts have revealed what happened with the cyber-attack dubbed CVE-2022-34689. The US NSA and UK National Cyber Security Center (NCSC) exposed this particular “Windows CryptoAPI Spoofing Vulnerability” in October 2022, though Microsoft had already released a patch for it back in August of that year.

The Bug Thought To Be Patched Is Still A Big Windows Problem.

Redmond’s security bulletin warns that CVE-2022-34689 can be utilized to mask an assailant’s real identity, allowing them to authorize themselves or sign off on code as if they were the affected certificate.

Akamai has articulated that the dilemma lies in CryptoAPI’s presumption of MD5 being “collision-free.” Unfortunately, MD5 is known to encounter collision issues – which means two different pieces of data can have identical hashes. Even though this flaw has been around for some time now, outdated versions using CryptoAPI are still at risk.

CVE-2022-34689 is a gaping security flaw that cybercriminals can take advantage of to digitally sign malicious programs and make them look like they’re coming from reliable, protected sources. This bug was classified as “critical,” with Microsoft indicating the most likely exploitation yet not allowing remote code execution. The CVSS severity score for this vulnerability is 7.5 out of 10 – making it one of the more dangerous exploits around today!

windows

A Big Problem for 99% of Devices.

Akamai reported not only Chrome 48 but also many other vulnerable targets “in the wild” that are still on older CryptoAPI versions. Making matters worse is the fact that most system admins and professional users have neglected to patch their systems with a readily available fix for six months now. The danger of CVE-2022-34689 has been ignored for too long by far too many people.Utterly astonishing, fewer than 1% of devices in data centers have any form of security! This indicates that almost all Windows-based servers are exposed to the world wide web as we speak.

Instead of PlayStation 5 Pro, a Second-Generation PlayStation 5 Will Be Released

Tags
Robert-taylor
Robert Taylor
Experienced Journalist with knowledge in shareholder activism, corporate governance, and asset finance reporting across various environments including online, print, and social media. Keen to learn about new sectors through the lens of journalism. I have worked as a financial journalist for over thirteen years, I worked my way up from news reporter to become deputy news editor in 2007. As a journalist, my primary focus is to ensure that my readers are well-informed on the most significant changes happening in the world of cryptocurrency, from blockchain technology to the latest market trends. In addition to staying up-to-date with breaking news stories, I am also interested in exploring the long-term potential of cryptocurrencies as a whole. I believe that blockchain technology will fundamentally change the way we conduct business, and I am excited to be a part of this transformation. My background in business and finance gives me a unique perspective on the world of cryptocurrency. I have worked with some of the biggest financial institutions in the world and have seen firsthand how the industry is evolving. I understand the challenges and opportunities that crypto presents and am eager to share my knowledge with my readers.
Related

Your email address will not be published. Required fields are marked *