We are talking about the crypt32.dll library, which is used for cryptographic tasks. With its help, certificates, digital signatures of trusted programs and so on are processed. Also, this library allows developers to protect applications from fakes, to prevent the installation of illegal software and the like.
However, as reported, the library contains a vulnerability that allows it to take control of the system and sign fake programs with the necessary certificate. This was announced on Twitter by Will Dormann, a security researcher at the Focal Point Cert. According to him, all users need to install Patch Tuesday as soon as possible.
It is noted that earlier about the problem in Microsoft The NSA reported, and this is the first time in history that a federal agency has pointed out a company’s lack of security. The corporation itself has not yet said anything about the essence of the problem, only saying that they released preliminary versions of the patch for participants in the early access program. However, they must not be used for work systems.
Therefore, users have to wait for the release.