Microsoft may be ready to fix a serious encryption vulnerability that exists in Windows systems that could allow malicious programs to be installed as trusted components to trick users,media Krebson Security reported, citingmedia outlet Krebson Security. The point is that Windows 7 systems that officially stop supporting today may not fix the vulnerability.
“The source said Microsoft plans to fix a critical security vulnerability that exists in all Versions of Windows on Patch Tuesday, a core encryption component that could be used to spoof the source of digital lysing software,” Krebson Security wrote in a tweet. Obviously, the Department of Defense and some others will get an advanced patch https://t.co/V6PByhjTNR”
Reports say the security vulnerability in the Windows component crypt32.dll is so severe that Microsoft released a patch to the government’s security services in advance. “Multiple sources confirm that Microsoft is scheduled to release a software update on Tuesday to fix critical vulnerabilities in the core encryption components in all Windows versions,” Krebson Security said. The patches have been sent in advance to U.S. military branches and other high-value customers/targets that manage critical Internet infrastructure, and these organizations are required to sign agreements to prevent them from disclosing details of the vulnerabilities. “
In a follow-up statement, however, Microsoft denied this. More seriously, the component dates back to all versions of Windows in the Windows NT era, but Microsoft will not release the appropriate security patches because Windows 7 is discontinued.