A critical flaw in Windows-based data centers and applications that Microsoft fixed in mid-2022 remains unpatched on almost all vulnerable endpoints, exposing countless users to the risk of further malware or ransomware attacks.
Akamai cybersecurity researchers released a proof-of-concept (PoC) for the bug and noted the high percentage of devices that remain unpatched.
The vulnerability Akamai refers to is CVE-2022-34689, a Windows CryptoAPI spoofing vulnerability that allows attackers to pass themselves off as the holder of a targeted certificate or code signature. In other words, threat actors can use the flaw to impersonate another app or operating system and let those apps run without triggering an alert.
Ignoring the patch
“We found that less than 1 percent of visible devices in data centers are patched, leaving the rest vulnerable to exploitation of this vulnerability,” said Akamai researchers.
Speaking to The Register, the researchers confirmed that 99% of the endpoints were unpatched, but that doesn’t necessarily mean they’re vulnerable – there still has to be a vulnerable app for the attackers to exploit.
The flaw was given a severity score of 7.5 and marked as “critical”. Microsoft released a patch in October 2022, but few users have applied it so far.
“So far, we have found that old versions of Chrome (v48 and earlier) and Chromium-based applications can be exploited,” the researchers said. “We believe there are more vulnerable targets in the wild, and our research is ongoing.”
When Microsoft originally patched the flaw, it said there was no evidence that the vulnerability was being exploited in the wild. However, with the PoC now publicly available, it is safe to assume that various threat actors will start hunting for vulnerable endpoints. After all, they have been handed the methodology on a silver platter; all they have to do is find a victim.
Via: The Register