Your apps and Windows devices could be facing a whole new kind of threat

A critical flaw in Windows-powered datacenters and applications, which Microsoft fixed in mid-2022, remains unpatched in almost all vulnerable endpoints, putting countless users at risk of malware, or even ransomware, attacks.

Cybersecurity researchers from Akamai published a proof-of-concept (PoC) for the flaw, and found that a high percentage of devices remain unpatched.

The vulnerability Akamai is referring to is CVE-2022-34689, a Windows CryptoAPI spoofing vulnerability that allows threat actors to authenticate, or sign code, as the targeted certificate. In other words, threat actors can use the flaw to pretend to be another app or OS and have those apps run without raising any alarms. 

Ignoring the patch

"We found that fewer than one percent of visible devices in data centers are patched, rendering the rest unprotected from exploitation of this vulnerability," Akamai researchers said. 

Speaking to The Register, the researchers confirmed that 99% of endpoints were unpatched, but that doesn’t necessarily mean they’re vulnerable: there still needs to be a vulnerable app for the attackers to exploit.

The flaw was given a 7.5 severity score, and labeled as “critical”. Microsoft released a patch in October 2022, but few users have applied it yet. 

"So far, we found that old versions of Chrome (v48 and earlier) and Chromium-based applications can be exploited," the researchers said. "We believe there are more vulnerable targets in the wild and our research is still ongoing."

When Microsoft originally patched the flaw, it said that there was no evidence of the vulnerability being exploited in the wild. However, now that the PoC is publicly available, it’s safe to assume that different threat actors will start hunting for vulnerable endpoints. After all, the methodology has been given to them on a silver platter; all they need to do is find a victim.

Via: The Register

Sead Fadilpašić