Singaporean regulator warns financial institutions about vulnerabilities in Microsoft Windows OS

Maria Nikolova

MAS has informed financial institutions using the affected Windows Operating Systems to take immediate action to install the relevant patches.

The Monetary Authority of Singapore (MAS) today issued a warning to financial institutions regarding vulnerabilities in the Microsoft Windows Operating System.

These vulnerabilities could allow malicious files or applications to bypass detection by security applications and gain control of computer systems. MAS has informed financial institutions using the affected Windows Operating Systems to implement the relevant patches. Financial institutions should also take mitigating measures to prevent the vulnerabilities from being exploited.

The regulator explains that Microsoft released security updates for its Windows Operating Systems on January 15, 2020 to address 49 vulnerabilities. According to the Cyber Security Agency of Singapore (CSA), four of the vulnerabilities (CVE-2020-0601, CVE-2020-0609, CVE-2020-0610 and CVE-2020-0611) are highly critical and require immediate attention.

In particular, there is a Windows CryptoAPI spoofing vulnerability. It concerns the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a forged code-signing certificate to sign an executable file, making it appear that the file was from a trusted, legitimate source. The system or user would have no way of knowing the file was not legitimate, because the digital signature would appear to be from a trusted provider.

The security update addresses the vulnerability by ensuring that the Windows CryptoAPI validates the ECC certificates. After applying the patch, users can detect the use of forged certificates via the Windows Event Logs.

The authorities also warn of Windows Remote Desktop Protocol (RDP) vulnerabilities. These include vulnerabilities in the Windows RDP Gateway Server, which allow a pre-authenticated attacker to connect to a targeted system via RDP and send crafted requests to trigger the execution of arbitrary code on the target system.

Another vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server.

MAS notes it will continue to work closely with financial institutions to monitor cybersecurity developments and ensure that IT systems in the financial sector are safeguarded and remain resilient against cyber threats.
