Microsoft’s monthly Patch Tuesday included a hefty haul of fixes: 49 total, and one of them is more than just critical. For enterprises running Windows Server 2016 and Server 2019, it’s vital you implement the patch ASAP.
The National Security Agency (NSA) disclosed the Windows vulnerability on Tuesday, the same day the fix was issued. That means the NSA found the flaw likely months ago but held off on public notification until Microsoft could come up with a fix. It would be irresponsible for the NSA, or anyone else, to announce a vulnerability and not give the software maker time to patch it.
The vulnerability was spotted in “crypt32.dll,” a Windows module that has been in both desktop and server versions since NT 4.0 more than 20 years ago. Microsoft describes the library as handling certificate and cryptographic messaging functions in the CryptoAPI.