>
A critical flaw in Windows-powered data centers and applications, which Microsoft fixed in mid-2022, remains unpatched in almost all vulnerable endpoints, putting countless users at risk of various malware or even ransomware attacks.
Akamai cybersecurity researchers published a proof-of-concept (PoC) for the flaw and determined the high percentage of unrepaired devices.
The vulnerability Akamai references is CVE-2022-34689, a Windows CryptoAPI spoofing vulnerability that allows threat actors to authenticate or sign code as the target certificate. In other words, adversaries can use the flaw to impersonate another app or operating system and run those apps without raising the alarm.
Ignoring the patch
“We found that less than 1 percent of exposed devices in data centers are patched, leaving the rest unprotected from exploitation of this vulnerability,” Akamai researchers said.
Speaking to The Register, the researchers confirmed that 99% of endpoints were unpatched, but that doesn’t necessarily mean they’re vulnerable – there must still be a vulnerable app for attackers to exploit.
The error received a severity score of 7.5 and was labeled “critical”. Microsoft released a patch in October 2022, but few users have applied it yet.
“So far, we have found that old versions of Chrome (v48 and earlier) and Chromium-based applications can be exploited,” the researchers said. “We believe there are more vulnerable targets in the wild and our research is ongoing.”
When Microsoft originally patched the flaw, it said there was no evidence the vulnerability was being exploited in the wild. However, now that the PoC is publicly available, it’s safe to assume that various threat actors are on the hunt for vulnerable endpoints (opens in new tab). After all, the methodology has been handed to them on a silver platter, all they have to do is find a victim.
Through: The register (opens in new tab)