Your apps and Windows devices could be facing a whole new kind of threat

What if fake apps aren’t recognized as such?

A critical flaw in Windows-powered datacenters and applications, which Microsoft fixed in mid-2022, remains unpatched in almost all vulnerable endpoints, putting countless users at risk of different malware, or even ransomware, attacks.

Cybersecurity researchers from Akamai published a proof-of-concept (PoC) for the flaw and found that a high percentage of devices remain unpatched.

The vulnerability Akamai is referring to is CVE-2022-34689, a Windows CryptoAPI spoofing vulnerability that allows threat actors to authenticate, or sign code, as the targeted certificate. In other words, threat actors can use the flaw to pretend to be another app or OS and have those apps run without raising any alarms.

Ignoring the patch

“We found that fewer than one percent of visible devices in data centers are patched, rendering the rest unprotected from exploitation of this vulnerability,” Akamai researchers said.

Speaking to The Register, the researchers confirmed that 99% of endpoints were unpatched, but that doesn’t necessarily mean they’re vulnerable: there still needs to be a vulnerable app for the attackers to exploit.

The flaw was given a 7.5 severity score, and labeled as “critical”. Microsoft released a patch in October 2022, but few users have applied it yet.

“So far, we found that old versions of Chrome (v48 and earlier) and Chromium-based applications can be exploited,” the researchers said. “We believe there are more vulnerable targets in the wild and our research is still ongoing.”

When Microsoft originally patched the flaw, it said that there was no evidence of the vulnerability being exploited in the wild. However, now with the PoC publicly available, it’s safe to assume that different threat actors will start hunting for vulnerable endpoints. After all, the methodology has been given to them on a silver platter; all they need to do is find a victim.

Via: The Register

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
