Singaporean regulator warns financial institutions about vulnerabilities in Microsoft Windows OS
MAS has informed financial institutions using the affected Windows Operating Systems to take immediate action to install the relevant patches.
The Monetary Authority of Singapore (MAS) today issued a warning to financial institutions regarding vulnerabilities in the Microsoft Windows Operating System.
These vulnerabilities could allow malicious files or applications to bypass detection from security applications and gain control of the computer systems. MAS has informed financial institutions using the affected Windows Operating Systems to implement the relevant patches. Financial institutions should also take mitigating measures to prevent the vulnerabilities from being exploited.
The regulator explains that Microsoft released security updates for its Windows Operating Systems on January 15, 2020 to address 49 vulnerabilities. According to the Cyber Security Agency of Singapore (CSA), four of the vulnerabilities (CVE-2020-0601, CVE-2020-0609, CVE-2020-0610 and CVE-2020-0611) are highly critical and require immediate attention.
In particular, there is a Windows CryptoAPI spoofing vulnerability. It concerns the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a forged code-signing certificate to sign an executable file, making it appear that the file was from a trusted, legitimate source. The system or user would have no way of knowing the file was not legitimate, because the digital signature would appear to be from a trusted provider.
The security update addresses the vulnerability by ensuring that the Windows CryptoAPI validates the ECC certificates. After applying the patch, the user would be able to detect the usage of forged certificates via the Windows Event Logs.
The authorities also warn of Windows Remote Desktop Protocol (RDP) vulnerabilities. These include vulnerabilities in the Windows RDP Gateway Server, where they allow a pre-authenticated attacker to connect to a targeted system via RDP and sends crafted requests to trigger the execution of arbitrary code on the target system.
Another vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server.
MAS notes it will continue to work closely with financial institutions to monitor the cybersecurity developments and ensure that IT systems in the financial sector are safeguarded and remain resilient against cyber threats.