{"id":17448,"date":"2020-01-15T08:30:07","date_gmt":"2020-01-15T16:30:07","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2020\/01\/15\/news-11184\/"},"modified":"2020-01-15T08:30:07","modified_gmt":"2020-01-15T16:30:07","slug":"news-11184","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2020\/01\/15\/news-11184\/","title":{"rendered":"Patch Tuesday aftermath: The NSA Crypt32 threat is real, but not yet imminent"},"content":{"rendered":"

<\/p>\n

Credit to Author: Woody Leonhard| Date: Wed, 15 Jan 2020 07:26:00 -0800<\/strong><\/p>\n

Get ready for your local news station\u2019s weather reporter to start lecturing on the importance of installing Windows patches.<\/span><\/p>\n

Yesterday we were treated to a remarkable Patch Tuesday. \u201cRemarkable\u201d specifically in the sense that the U.S. National Security Agency was moved to put out a press release (<\/span>PDF<\/span><\/a>):<\/span><\/p>\n

NSA recommends installing all January 2020 Patch Tuesday patches as soon as possible to effectively mitigate the vulnerability on all Windows 10 and Windows Server 2016\/2019 systems.<\/span><\/p>\n

That\u2019s a first. Until now, the NSA has never publicly acknowledged its contributions to Microsoft\u2019s patching efforts\u00a0\u2014 nor has it picked up the flogging whip in Microsoft\u2019s patching drive. Security guru Brian Krebs attributes it to a <\/span>change of heart <\/span><\/a>at the NSA:<\/span><\/p>\n

Sources say this disclosure from NSA is planned to be the first of many as part of a new initiative at NSA dubbed “Turn a New Leaf,” aimed at making more of the agency’s vulnerability research available to major software vendors and ultimately to the public.<\/span><\/p>\n

Krebs has an <\/span>excellent overview<\/span><\/a>\u00a0of the security hole, loaded with several mind-bending analogies. Get the tech details of the vulnerability in Kenneth White\u2019s <\/span>Microsoft\u2019s Chain of Fools <\/span><\/a>expos\u00e9. If you haven\u2019t yet been inundated with half-fast explanations, rest assured that every news outlet in the world is in the process of trying to digest and regurgitate <\/span>the complexities<\/span><\/a> of CryptoAPI and Elliptic Curve Cryptography certs.<\/span><\/p>\n

What does it all mean? If someone can crack the CVE-2020-0601 conundrum, they\u2019ll be able to create programs that appear to come from a trusted source. That\u2019s a scary possibility, but it\u2019s a long way from a third-degree polynomial to working ransomware.<\/span><\/p>\n

And, no, CVE-2020-0601 can\u2019t be used to break into the Windows Update chain.<\/span><\/p>\n

As of early Wednesday morning, at least one A-list hacker has put together a working \u201cProof of Concept\u201d exploit. Casey Smith (@subTee) <\/span>has a PoC<\/span><\/a>, but it isn\u2019t yet ready for widespread release. As Kevin Beaumont says, \u201cIt\u2019s not practical at scale for a variety of reasons.\u201d<\/span><\/p>\n

So with everybody \u2014 the NSA, the \u2018Softies, your weather forecaster, your hairdresser\u2019s boyfriend\u2019s precocious but smelly nine-year-old\u00a0\u2014 recommending that you patch NOW, why wait?<\/span><\/p>\n

Because there are problems with this month\u2019s Win10 patches.<\/span><\/p>\n

It always takes time for bugs to surface. This month\u2019s no different. As of very early Wednesday morning, I\u2019m seeing plenty of problem reports when installing the patches \u2014 the same problems we\u2019ve had for many years. Whether any darker problems lie in lurk is anybody\u2019s guess, and it\u2019s still too early to tell.<\/span><\/p>\n

For now, I\u2019m recommending that you keep all of the Patch Tuesday patches at bay, until we\u2019ve had a chance to see what other surprises await. That assessment may change quickly, so stay alert.<\/span><\/p>\n

If you\u2019re in charge of Server 2012, 2012 R2, 2016 and\/or 2019 systems, there\u2019s a much larger problem you should confront right now. Two of this month\u2019s patched security holes,\u00a0<\/span>CVE-2020-0609<\/span><\/a> and <\/span>CVE-2020-0610<\/span><\/a>, reveal a security hole in the Windows Remote Desktop Gateway, RDgateway, that will let anybody into your system if they crawl in through port 443. As Patch Lady Susan Bradley <\/span>puts it<\/span><\/a>:<\/span><\/p>\n

If you are a IT consultant or admin with an Essentials 2012 (or later) server, or use the RDgateway role and expose it over port 443 to allow users to gain access to RDweb or their desktops, forget that crypt32.dll bug. This one is one to worry about.<\/span><\/p>\n

The January patches should be a top priority for this, active security hole. And of course, if you\u2019re using <\/span>Pulse Connect Secure VPN<\/span><\/a>, or a <\/span>Citrix Gateway\/ADC\/NetScaler box<\/span><\/a> you have it locked down (or unplugged) by now, right?<\/span><\/p>\n

This month we had almost no non-security \u201cquality updates\u201d\u00a0\u2014 which is to say, bug fixes. With a few niggling exceptions (one in Win10 version 1809), none of the Windows patches this month include documented non-security bug fixes. In fact, we\u2019ve seen very few non-security patches since October.\u00a0<\/span><\/p>\n

All of which underlines an ongoing problem with the \u201cas a Service\u201d method of bundling all the month’s patches into one big gob. If we had separate Crypt32 and RDgateway patches, people could choose to fix the big holes while waiting for problem reports on the little ones.\u00a0<\/span><\/p>\n

If wishes were horses then hackers would ride.<\/span><\/p>\n

Stay up-to-the-minute on Crypt32 cracking <\/span>with AskWoody.com<\/span><\/a>.<\/span><\/em><\/p>\n

http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

<\/p>\n

Credit to Author: Woody Leonhard| Date: Wed, 15 Jan 2020 07:26:00 -0800<\/strong><\/p>\n

\n
\n

Get ready for your local news station\u2019s weather reporter to start lecturing on the importance of installing Windows patches.<\/span><\/p>\n

Yesterday we were treated to a remarkable Patch Tuesday. \u201cRemarkable\u201d specifically in the sense that the U.S. National Security Agency was moved to put out a press release (<\/span>PDF<\/span><\/a>):<\/span><\/p>\n

\n

NSA recommends installing all January 2020 Patch Tuesday patches as soon as possible to effectively mitigate the vulnerability on all Windows 10 and Windows Server 2016\/2019 systems.<\/span><\/p>\n

To read this article in full, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[10516,714,10525],"class_list":["post-17448","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-microsoft","tag-security","tag-windows"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/17448","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=17448"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/17448\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=17448"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=17448"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=17448"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}