
In mid-2022 Microsoft fixed a critical flaw affecting Windows-powered data centers and applications, but the fix remains unapplied on nearly all vulnerable endpoints, putting countless users at risk of malware and even ransomware attacks.
Akamai’s cybersecurity researchers published a proof-of-concept (PoC) for the vulnerability and identified a high percentage of devices that have not been patched.
The vulnerability Akamai is referring to is CVE-2022-34689, a Windows CryptoAPI spoofing vulnerability that allows threat actors to verify or sign code as if it carried a target’s certificate. In other words, an attacker could exploit the flaw to impersonate another application or operating system component, and the spoofed application would run without raising any alerts.
“We found that less than one percent of visible devices in the data center were patched, leaving the remaining devices unprotected from exploiting this vulnerability,” the Akamai researchers said.
In an interview with The Register, the researchers confirmed that 99 percent of endpoints are unpatched, but that doesn’t necessarily mean they’re vulnerable — there still needs to be a vulnerable application for attackers to exploit.
The bug has a severity score of 7.5 and is marked as Critical. Microsoft released a patch in October 2022, but few users have applied it yet.
“So far, we have found that older versions of Chrome (v48 and earlier) and Chromium-based applications can be exploited,” the researchers said. “We believe there are many more vulnerable targets in the wild, and our research is ongoing.”
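The article names Chrome v48 and earlier as confirmed exploitable targets, so the first thing a defender wants is an inventory of which endpoints still carry such a build and whether the CryptoAPI fix is present. The following PowerShell script is an added example and is not from the article or from Akamai’s research; the Chrome install paths are assumptions, the `$PatchKB` value is a placeholder to be replaced with the KB id from Microsoft’s CVE-2022-34689 advisory, and other Chromium-based applications would need their own executable paths added to the list.

```powershell
# Added example (not from the article or Akamai): flag Chrome builds the article
# calls exploitable (major version <= 48) and check for the CryptoAPI hotfix.
# Install paths are assumptions; $PatchKB is a placeholder, not a real KB id.

$ChromePaths = @(
    "$env:ProgramFiles\Google\Chrome\Application\chrome.exe",
    "${env:ProgramFiles(x86)}\Google\Chrome\Application\chrome.exe",
    "$env:LOCALAPPDATA\Google\Chrome\Application\chrome.exe"
)
$MaxExploitableMajor = 48           # from the article: v48 and earlier
$PatchKB = 'KB_PLACEHOLDER'         # replace with the KB id from the Microsoft advisory

function Get-ChromeFinding {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    # ProductVersion looks like "48.0.2564.116"; the leading number is the major version
    $version = (Get-Item -LiteralPath $Path).VersionInfo.ProductVersion
    $major   = [int]($version.Split('.')[0])
    [pscustomobject]@{
        Path        = $Path
        Version     = $version
        Exploitable = ($major -le $MaxExploitableMajor)
    }
}

$findings = $ChromePaths | ForEach-Object { Get-ChromeFinding -Path $_ } | Where-Object { $_ }
$findings | Format-Table -AutoSize

# Host-level view: Get-HotFix reads Win32_QuickFixEngineering, which lists
# installed Windows update packages by KB id.
$patched = [bool](Get-HotFix -ErrorAction SilentlyContinue | Where-Object HotFixID -eq $PatchKB)
if (-not $patched) {
    Write-Warning "CryptoAPI update $PatchKB not found in Get-HotFix output; verify the OS build is patched"
}
if ($findings | Where-Object Exploitable) {
    Write-Warning "Chrome build v$MaxExploitableMajor or earlier present; upgrade or remove it"
}
```

Run it per host (or wrap it in `Invoke-Command` for a fleet) and treat an endpoint as exposed only when both conditions hold: the CryptoAPI update is absent and a vulnerable application is installed, which matches the researchers’ point that an unpatched host is not exploitable on its own.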
When Microsoft initially patched the flaw, it said there was no evidence that it had been exploited. However, now that the PoC is publicly available, it is safe to assume that threat actors will start looking for vulnerable endpoints. After all, the methodology has been handed to them on a silver platter; all they need to do is find a victim.