A critical flaw in the Windows CryptoAPI, which Microsoft patched in mid-2022, remains unpatched on almost all vulnerable endpoints, exposing countless users to malware and even ransomware attacks.
Cybersecurity researchers from Akamai have published a proof-of-concept (PoC) exploit for the flaw and, in the process, found that a very high percentage of devices have not yet been fixed.
The flaw, tracked as CVE-2022-34689, is a Windows CryptoAPI spoofing (impersonation) vulnerability: an attacker can craft a certificate that CryptoAPI mistakes for a legitimate, already-verified one, and then authenticate or sign code as the holder of that target certificate. The root cause Akamai identified lies in how CryptoAPI caches certificates it has already verified. The cache is indexed by the certificate's MD5 thumbprint, so a malicious certificate engineered to share the MD5 thumbprint of a trusted certificate (an MD5 chosen-prefix collision) is handed the trusted certificate's cached verdict instead of being checked itself. In other words, a threat actor can pose as another application, or as the operating system itself, and run code without triggering any alarms.
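To make the caching flaw concrete, here is an added Python example (not Akamai's PoC and not Microsoft's code) of a certificate-trust cache indexed by thumbprint alone, beside a hardened version that treats the thumbprint as a lookup key rather than as the certificate's identity. Everything in it is a constructed stand-in: the "certificates" are plain byte strings rather than real X.509 DER, trust is decided by a subject allow-list in place of full chain validation, and the thumbprint is truncated to two bytes so that a colliding certificate can be found by brute force in a fraction of a second. The real attack needs a genuine MD5 chosen-prefix collision against a real trusted certificate; the logic error it abuses is the same.

```python
"""Added example: a trust cache keyed on a thumbprint alone (the CVE-2022-34689 pattern)
beside a hardened cache. Certificates, the trust store and the thumbprint length are
constructed stand-ins; the real bug needs an MD5 chosen-prefix collision against a real cert."""
import hashlib
from dataclasses import dataclass

# Real CryptoAPI indexed its cache by the full 16-byte MD5 thumbprint. Two bytes here
# lets forge_collision() find a colliding blob in roughly 65k MD5 calls instead of 2^64+.
DEMO_THUMBPRINT_BYTES = 2


@dataclass(frozen=True)
class Cert:
    subject: str   # who the certificate claims to be
    der: bytes     # constructed stand-in for the DER-encoded certificate


def md5_thumbprint(der: bytes, nbytes: int = DEMO_THUMBPRINT_BYTES) -> bytes:
    """Truncated MD5 thumbprint (truncation is for the demo only)."""
    return hashlib.md5(der).digest()[:nbytes]


def chain_is_trusted(cert: Cert, trusted_subjects: set) -> bool:
    """Stand-in for full chain validation: trust is a subject allow-list."""
    return cert.subject in trusted_subjects


class VulnerableVerifier:
    """Caches the trust verdict under the thumbprint only, so any later certificate
    whose thumbprint collides inherits the cached verdict without being re-checked."""

    def __init__(self, trusted_subjects):
        self.trusted = set(trusted_subjects)
        self.cache = {}          # thumbprint -> verdict

    def verify(self, cert: Cert) -> bool:
        key = md5_thumbprint(cert.der)
        if key in self.cache:
            return self.cache[key]   # BUG: the thumbprint is treated as the cert's identity
        verdict = chain_is_trusted(cert, self.trusted)
        self.cache[key] = verdict
        return verdict


class HardenedVerifier:
    """Indexes the cache by SHA-256 and still compares the full certificate bytes before
    reusing a verdict, so a thumbprint collision buys the attacker nothing."""

    def __init__(self, trusted_subjects):
        self.trusted = set(trusted_subjects)
        self.cache = {}          # sha256(der) -> (der, verdict)

    def verify(self, cert: Cert) -> bool:
        key = hashlib.sha256(cert.der).digest()
        hit = self.cache.get(key)
        if hit is not None and hit[0] == cert.der:
            return hit[1]
        verdict = chain_is_trusted(cert, self.trusted)
        self.cache[key] = (cert.der, verdict)
        return verdict


def forge_collision(target: Cert, attacker_subject: str,
                    nbytes: int = DEMO_THUMBPRINT_BYTES) -> Cert:
    """Brute-force a blob with the same truncated thumbprint as the target certificate.
    Stands in for the MD5 chosen-prefix collision the real exploit requires."""
    want = md5_thumbprint(target.der, nbytes)
    prefix = attacker_subject.encode() + b"|"
    counter = 0
    while True:
        der = prefix + counter.to_bytes(4, "big")
        if der != target.der and md5_thumbprint(der, nbytes) == want:
            return Cert(attacker_subject, der)
        counter += 1


def run_demo() -> dict:
    """Prime both caches with the genuine certificate, then present the colliding one."""
    trusted = {"CN=Contoso Code Signing CA"}                      # constructed trust anchor
    legit = Cert("CN=Contoso Code Signing CA", b"constructed DER of the genuine certificate")
    forged = forge_collision(legit, "CN=Evil Corp")               # attacker-controlled key/subject

    vulnerable, hardened = VulnerableVerifier(trusted), HardenedVerifier(trusted)
    legit_accepted = vulnerable.verify(legit) and hardened.verify(legit)   # caches now primed
    return {
        "thumbprints_collide": md5_thumbprint(forged.der) == md5_thumbprint(legit.der),
        "legit_accepted": legit_accepted,
        "forged_accepted_by_vulnerable": vulnerable.verify(forged),   # cache hit: trusted
        "forged_accepted_by_hardened": hardened.verify(forged),       # re-validated: rejected
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The ordering in `run_demo()` matters and mirrors the scenario described above: the victim must process the genuine certificate first so that its verdict is cached, after which the attacker's certificate, with a different subject and (in reality) a different public key, is accepted by the vulnerable verifier purely because its thumbprint matches. The hardened verifier shows the minimal fix in design terms: never let a hash value stand in for the object it was computed from when that object is what you are deciding to trust.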
Ignoring the patch
“We found that less than one percent of visible devices in data centers are patched, leaving the remainder unprotected from exploitation of this vulnerability,” Akamai researchers said.
Speaking to The Register, the researchers confirmed that around 99% of the endpoints they observed are unpatched, but stressed that unpatched does not necessarily mean exploitable: an attacker still needs a vulnerable application on the endpoint through which to trigger the flaw.
The flaw carries a CVSS score of 7.5 and is rated “Critical” by Microsoft. Microsoft fixed it in its August 2022 security updates and publicly disclosed it in October 2022, yet few users have applied the patch so far.
“So far, we have found that older versions of Chrome (v48 and earlier) and Chromium-based applications can be exploited,” the researchers said. “We believe there are more vulnerable targets out in the wild and our research is continuing.”
When Microsoft originally fixed the flaw, it said there was no evidence of the vulnerability being exploited in the wild. Now that a PoC is publicly available, however, it is safe to assume that threat actors will start looking for vulnerable endpoints: the methodology has been handed to them on a silver platter, and all that remains is to find a victim.
Via: The Register