FSIs warned over Windows vulnerability

FSIs warned over Windows vulnerability

Microsoft has issued an alert over critical vulnerabilities exposed in several versions of its Windows OS, with financial institutions urged to immediately patch their systems to prevent malicious access.

The Monetary Authority of Singapore, the country’s chief financial regulatory body, has issued its own advisory, urging local FSIs to take immediate action to install the relevant patches and take “mitigating measures to prevent the vulnerabilities from being exploited.”

Microsoft said the vulnerabilities could allow malicious files or applications to bypass detection from security applications and gain control over computer systems.

Microsoft released security updates on 15 January to address 49 vulnerabilities within the widely adopted operating system, including versions Windows 10, Windows 8.1, Windows 7 as well as several versions of Windows Server dating back to 2008.

Four of the vulnerabilities (CVE-2020-0601, CVE-2020-0609, CVE-2020-0610 and CVE-2020-0611) are listed as “highly critical” and require immediate attention.

Among these, the CVE-2020-0601 spoofing vulnerability exploits Windows CryptoAPI’s validation of ECC certificates, allowing attackers to forge code-signing certificates to sign executable files, making it appear as if the file were from a trusted and legitimate source.

The remaining three “highly critical” vulnerabilities address issues within Windows Remote Desktop Protocol (RDP).

More information on relevant patches can be found on Microsoft’s dedicated site.