… then apparently it’s very important to get the latest security update.
Sources tell KrebsOnSecurity that Microsoft Corp. is slated to release a software update Tuesday [January 14, 2020] to fix an extraordinarily serious security vulnerability in a core cryptographic component present in all versions of Windows. Those sources say Microsoft has quietly shipped a patch for the bug to branches of the U.S. military and to other high-value customers/targets that manage key Internet infrastructure, and that those organizations have been asked to sign agreements preventing them from disclosing details of the flaw prior to Jan. 14, the first Patch Tuesday of 2020.
According to sources, the vulnerability in question resides in a Windows component known as crypt32.dll, a Windows module that Microsoft says handles “certificate and cryptographic messaging functions in the CryptoAPI.” The Microsoft CryptoAPI provides services that enable developers to secure Windows-based applications using cryptography, and includes functionality for encrypting and decrypting data using digital certificates. [KrebsOnSecurity]
Cryptography is hard to do properly. More information at the link above.
But this dust-up does remind that I don’t often have to get a security update for my hammer.