An Old Feature Turned Vulnerable

The exploitable feature in this issue is the CryptoAPI (specifically crypt32.dll), a decades-old cryptographic component in Windows that developers use to digitally sign their software and authenticate digital licenses. It performs many other functions, but hackers can use this one as a back door to impersonate the original developers at validation checkpoints in installation and scanning apps. They can potentially deliver malicious code or apps under the shadow of the original developer's license to affect users. Further, third-party analysis claims this flaw can even be used to intercept and modify HTTPS traffic to steal sensitive information transmitted through web browsers.

An incident of this kind happened last year involving Asus, where hackers obtained a legitimate Asus certificate and used it to compromise hundreds of thousands of users.

Microsoft passed security patches to high-profile companies, the military and other US government offices, where it thought the flaw was important and might be exploited for attacks, ahead of releasing them to the public. This core cryptographic component is present in Windows 2016, 2019 and Version 10 only. Others, such as Windows 8.1 and earlier, lack this component and are thus safe by default.

The Windows maker says it has found no evidence of the vulnerability being exploited in any manner to date, and the NSA later confirmed the claim. Even so, Microsoft has released patches for this flaw along with detailed steps to secure it.
