Patch Update: crypt32.dll

Patch Update: crypt32.dll

Patch Update: crypt32.dll

23rd January, 2020

Microsoft recently announced an important vulnerability affecting its crypt32.dll – a core component of Microsoft software required by Windows for data encryption.

This vulnerability impacts the security of windows authentication by permitting malicious websites and software to appear genuine.

Although the crypt32.dll software has been around in one form or another for over 20 years, Microsoft are advising the vulnerability only applies to Windows 10, Server 2016 and 2019 Operating Systems.

Despite Microsoft classifying this patch as ‘Important’  some security agencies worldwide, most notably the US’s NSA who discovered the flaw, have deemed this as critical and one that should be patched with urgency. It has also received a high CVSS score of 8.1.

With recent focus by hackers on fast weaponization of newly identified vulnerabilities, rapid patching is more critical than ever and here at Options our dedicated Threat and Vulnerability Management teams have been using Ivanti’s Security Controls solution to efficiently deploy the patches to systems.

More details on the vulnerability can be found the official Microsoft website here  and on Options Patch Management Solution here.

Patrick Collins, Vulnerability Management

Options works closely with clients to actively patch any and all vulnerabilities – it is imperative that operating systems and 3rd party software products are kept up to date. Security doesn’t end with vulnerability patching; well-trained employees and a strong supporting security team are also essential. We continuously roll out rigorous training programs alongside numerous platform security enhancements, in addition to new cybersecurity initiatives to safeguard our clients’ data. For the latest on our Security, Intelligence and Analytics product offering, download our product sheet here.

Leave a Reply

Your email address will not be published. Required fields are marked *