A critical flaw affecting Windows-powered data centers and applications, which Microsoft fixed in mid-2022, remains unpatched on almost all vulnerable endpoints, leaving countless users exposed to malware, or even ransomware, attacks.
Cybersecurity researchers from Akamai published a proof-of-concept (PoC) for the flaw and found that a high percentage of devices have still not been fixed.
The vulnerability Akamai is referring to is CVE-2022-34689, a Windows CryptoAPI spoofing vulnerability that allows threat actors to authenticate, or sign code, as if they held the targeted certificate. In other words, threat actors can use the flaw to pose as another application or as the OS and have their own apps run without raising any alarms.
Ignoring the patch
“We found that fewer than one percent of visible devices in data centers are patched, rendering the rest unprotected from exploitation of this vulnerability,” Akamai researchers said.
Speaking to The Register, the researchers confirmed that 99% of endpoints were unpatched, but that doesn’t necessarily have to mean they’re vulnerable – there still needs to be a vulnerable app for the attackers to exploit.
The flaw was given a 7.5 severity score, and labeled as “critical”. Microsoft released a patch in October 2022, but few users have applied it yet.
“So far, we found that old versions of Chrome (v48 and earlier) and Chromium-based applications can be exploited,” the researchers said. “We believe there are more vulnerable targets in the wild and our research is still ongoing.”
When Microsoft originally patched the flaw, it said there was no evidence of the vulnerability being exploited in the wild. However, now that the PoC is publicly available, it is safe to assume that different threat actors will start hunting for vulnerable endpoints. After all, the methodology has been handed to them on a silver platter; all they need to do is find a victim.
Via: The Register