For many people, the NSA evokes images of shadowy government agencies using an elite force of computer experts to spy on those who would wish the United States harm: banks of servers whirring in the background while men in suits and dark glasses stare at screens of scrolling code. Truth be told, this image isn't far off the mark. Although much of its work is shrouded in secrecy, the National Security Agency works to ensure that the United States is well defended, and well armed, for the cyberwarfare that has become an all too common geopolitical battlefield. Generally speaking, its work is classified. Occasionally, however, the NSA makes the news.
Some of you may be familiar with ransomware, malware that encrypts the files on infected machines and demands a ransom, usually in bitcoin, for the key to decrypt them. In April 2017 an exploit developed by the NSA, called EternalBlue, was leaked online by a group calling itself the Shadow Brokers. EternalBlue targets a flaw in the SMBv1 file-sharing protocol in Microsoft Windows that lets an attacker run code on a vulnerable machine over the network without any user interaction, which is exactly what a worm needs to spread from machine to machine and encrypt each one. Microsoft had already patched the flaw (MS17-010) in March 2017, a month before the leak, but EternalBlue was nonetheless built into the WannaCry and NotPetya ransomware outbreaks that followed in May and June of that year. Together, these two strains caused billions of dollars in damages, with NotPetya taking down shipping giant Maersk for more than 10 days.
The release of EternalBlue caused something of an uproar in IT circles, as it turned out that the NSA had known about, and exploited, this particular vulnerability for more than five years without notifying Microsoft. Perhaps learning from the bad press and the heavy financial cost, this week the NSA took the unusual step of publicly announcing its discovery of another such vulnerability, this time in Windows 10, after reporting it to Microsoft so that a patch could be released on the same day as the announcement.
This vulnerability also involves cryptography, but on the validation side rather than the encryption side.
It lies in the Windows CryptoAPI (Crypt32.dll), the library that Windows and third-party software rely on to validate digital certificates and the signatures behind them, including the code-signing signatures on downloaded software and the TLS certificates behind HTTPS connections. The flaw, tracked as CVE-2020-0601, is in how Crypt32.dll validates certificates that use Elliptic Curve Cryptography: a specially crafted certificate can be made to appear as though it were issued by a trusted root authority when it was not. An attacker could therefore sign malware so that Windows treats it as legitimately signed software, or impersonate a website in a man-in-the-middle attack, undermining critical security protections and ultimately taking control of the victim's device.
To plug this dangerous hole, Microsoft released a patch, KB4528760, the January 2020 cumulative update for Windows 10 versions 1903 and 1909; other supported Windows 10 and Windows Server releases received the same fix under their own KB numbers in the same update cycle. As the WannaCry and NotPetya timeline shows, malware creators will jump at the chance to exploit unpatched machines: Microsoft's fix was available before either ransomware strain existed, yet both spread through the machines that had not installed it.
It is therefore critical that you, or your IT professional, install this patch at the earliest opportunity. If you want to confirm whether the patch is already installed, or would like to install it manually, the update can be downloaded from the Microsoft Update Catalog website by searching for KB4528760.
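The following PowerShell script is an added example, not part of the original post, showing the two checks an administrator would want here: whether KB4528760 is present on this machine, and whether the patched Crypt32.dll has logged any attempts to present a forged certificate (after the fix, Windows records each rejected attempt in the Application log as Event ID 1 from the provider Microsoft-Windows-Audit-CVE, with "[CVE-2020-0601]" in the message). It assumes an elevated PowerShell prompt on Windows 10 version 1903 or 1909; on other Windows releases the fix ships under a different KB number, so the build number is printed for comparison with Microsoft's release notes.

```powershell
# Added example (not from the original post). Assumes an elevated PowerShell
# prompt on Windows 10 1903/1909, where the fix for CVE-2020-0601 is KB4528760.
$Kb = 'KB4528760'

function Test-CurveBallPatch {
    param([string]$KbId = $Kb)

    # 1. Is the update installed? Get-HotFix reads Win32_QuickFixEngineering,
    #    which lists cumulative updates by their KB number.
    $hotfix = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue
    if ($hotfix) {
        Write-Output ("{0} installed on {1}" -f $KbId, $hotfix.InstalledOn)
    } else {
        Write-Output "$KbId is NOT installed"
    }

    # Other Windows releases get the same fix under a different KB, so show the
    # OS build (major build plus update revision) for comparison with the
    # Microsoft release notes for your version.
    $ver = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    Write-Output ("OS build: {0}.{1}" -f $ver.CurrentBuild, $ver.UBR)

    return [bool]$hotfix
}

function Get-CurveBallAttempts {
    # 2. After patching, Crypt32.dll logs every certificate it rejects for this
    #    flaw to the Application log: provider Microsoft-Windows-Audit-CVE,
    #    Event ID 1, message containing "[CVE-2020-0601]". Any hit means
    #    something on this machine tried to use a forged certificate.
    $filter = @{ LogName = 'Application'; ProviderName = 'Microsoft-Windows-Audit-CVE'; Id = 1 }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'CVE-2020-0601' } |
        Select-Object TimeCreated, Message
}

$patched = Test-CurveBallPatch
if ($patched) {
    $attempts = @(Get-CurveBallAttempts)
    Write-Output ("Logged CVE-2020-0601 exploitation attempts: {0}" -f $attempts.Count)
    $attempts | Format-List
} else {
    Write-Output 'Install the update first; the audit events only exist once the patched Crypt32.dll is in place.'
}
```

Note that the Audit-CVE events are produced only by the patched Crypt32.dll, so an empty result on an unpatched machine tells you nothing; that is why the script checks the patch first. Forwarding those events to your SIEM turns the patch into a detection as well as a fix.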
Although installing security patches (or other Windows updates) isn't something most people enjoy doing, as fun as it is to watch that 'Installing Updates – 2%' screen, they are a critical layer of security for both home and business users. It is extremely important that your operating system is kept up to date, lest it be attacked and compromised through a hole the vendor has already closed.