We have recently blogged about how all the updates coming down this month will affect GCDS users as well as SPS's automated student provisioning services. You can read that here. In the meantime, Technology Coordinators should be aware of how serious the consequences are if these patches are not put in place.
The vulnerability allows malware to spoof the signature of a trusted organization. The recommendation is to patch as soon as possible. Read on to find out more.
The set of patches for Windows for this month includes updates to "fix an extraordinarily serious security vulnerability in a core cryptographic component present in all versions of Windows." You can find out more in this article from Krebs on Security here.
There is also a US Government "Emergency Federal Directive" from the Cybersecurity and Infrastructure Security Agency (CISA) about this issue that Technology Teams should be aware of. The excerpt below is from "Mitigate Windows Vulnerabilities from January 2020 Patch Tuesday". Additionally, see CISA’s blog post.
"The vulnerability in ECC certificate validation affects Windows 10, Server 2016, and Server 2019. It bypasses the trust store, allowing unwanted or malicious software to masquerade as authentically signed by a trusted or trustworthy organization, which may deceive users or thwart malware detection methods like anti-virus. Additionally, a maliciously crafted certificate could be issued for a hostname that did not authorize it, and a browser that relies on Windows’ CryptoAPI would not issue a warning, allowing an attacker to decrypt, modify, or inject data on user connections without detection."-https://cyber.dhs.gov/ed/20-02/
Would you like to automate provisioning for your district?
Student Provisioning Services works with K12 districts of all sizes to implement a customized, fully automated data management system which allows you to focus on your mission and your students. Our solution is scalable and affordable, allowing it to grow along with your district. Learn more about automated student provisioning.