bodysoda Reliable Contributor
Message 1 of 14

Warnings for a major security patch(crypt32.dll) being released tomorrow

Happy New Year to all the community members.

Looks like tomorrow's Windows patches might be more important than most months. Warnings for a major security patch being released tomorrow.

“A critical vulnerability in this Windows component could have wide-ranging security implications for a number of important Windows functions, including authentication on Windows desktops and servers, the protection of sensitive data handled by Microsoft’s Internet Explorer/Edge browsers, as well as a number of third-party applications and tools.”

And also, “a flaw in crypt32.dll might also be abused to spoof the digital signature tied to a specific piece of software. Such a weakness could be exploited by attackers to make malware appear to be a benign program that was produced and signed by a legitimate software company.”

https://krebsonsecurity.com/2020/01/cryptic-rumblings-ahead-of-first-2020-patch-tuesday/

Will there be an ENS exploit prevention or special DAT release by McAfee?

In case above information was useful or answered your question, please select "Accept as Solution" in my reply, or give a Kudo. Thanks!
Accepted Solutions
patrakshar McAfee Employee
Message 3 of 14

Hi @bodysoda 

Please subscribe to https://kc.mcafee.com/corporate/index?page=content&id=KB92322 for all official communication related to this.

13 Replies
bodysoda Reliable Contributor
Message 2 of 14

Never mind, I found the answer on the McAfee Labs Security Advisory: MTIS20-001

THREAT DETAILS: (MSPT-Jan2020) Microsoft CryptoAPI ECC Certificates Spoofing (CVE-2020-0601)
MTIS20-001-A
THREAT IDENTIFIER(S): CVE-2020-0601
THREAT TYPE: Vulnerability
RISK ASSESSMENT: Medium
MAIN THREAT VECTORS: Locally logged-on user
USER INTERACTION REQUIRED: Yes
DESCRIPTION: A vulnerability in some versions of Microsoft CryptoAPI could lead to spoofing. The flaw lies in the ECC Certificates component. Successful exploitation by a remote attacker could result in spoofing. The exploit requires the user to open a vulnerable website, email or document.
IMPORTANCE: Medium. On January 14th, Microsoft released an update to address this vulnerability

MCAFEE PRODUCT COVERAGE
DAT FILES: Coverage not warranted at this time
VIRUS SCAN ENTERPRISE SCAN BOP: Out of scope
HOST IPS: Out of scope
NETWORK SECURITY PLATFORM: Coverage not warranted
VULNERABILITY MANAGER: An upcoming FSL/MVM content release will contain coverage for this issue.
WEB GATEWAY: Coverage not warranted at this time
REMEDIATION MANAGER: Not applicable
POLICY AUDITOR: No Coverage Status
NETWORK ACCESS CONTROL: No Coverage Status
FIREWALL ENTERPRISE: No Coverage Status
APPLICATION CONTROL: Out of scope
DATABASE ACTIVITY MONITORING: Out of scope
VULNERABILITY MANAGER FOR DATABASES: Out of scope
ADDITIONAL INFORMATION: Microsoft: Security Update Summary

https://community.mcafee.com/t5/Documents/McAfee-Labs-Security-Advisory-MTIS20-001/ta-p/646392?searc...

DylanK
Message 4 of 14

Question: 

Does McAfee ENS/VSE/HIPS use crypt32.dll in any way to do certificate validation, or does it use its own?

Can an attacker use the crypt32.dll exploit to convince McAfee endpoint security products that a malicious executable is signed by a trusted source so they won't scan it?

AdithyanT McAfee Employee
Message 5 of 14

Hi @DylanK,

That is a very good question. Can this be raised as a Service Request so that we can get an official response from our internal team based on the same? My apologies, as I do not have any confirmation on that; however, I am aware that we do have generic detections coming up for covering this vulnerability.

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T
bodysoda Reliable Contributor
Message 6 of 14

Thanks Adithyan. SR has been logged, reference number 4-20592142721.
AdithyanT McAfee Employee
Message 7 of 14

Hi @bodysoda,

Thank you for your kind update. You can ask the Engineer for an EXTRA DAT that already offers generic coverage for this exploit if you prefer to test it in your environment. The regular update for coverage will be released in a few days. You can ping me the SR in a DM if you have not received the EXTRA DAT yet!

Also, thank you for staying alert; I appreciate your intent to share this via the community. It helps more users to stay vigilant for such critical patches!


Thanks and regards,
Adithyan T

Anybody having issues when testing the extra.dat file manually via ENS console?  I get "file load error" each time.  I have tried saving file on network share and also desktop - both get same error.  I usually try installing manually before adding to ePO repo.  

 

Thanks!

bodysoda Reliable Contributor
Message 9 of 14

@ReallyWhy, McAfee Support provided the ExtraDAT file, which is 18KB in size. Without a glitch, I got it deployed successfully to the endpoint.


Thank you for your response.  I was trying to load manually via the ENS console.  
