Pretty bad exploit, should update asap.

https://krebsonsecurity.com/2020/01/cry … h-tuesday/
https://kb.cert.org/vuls/id/849224/
https://cyber.dhs.gov/ed/20-02/

On January 14, 2020, Microsoft released a software patch to mitigate significant vulnerabilities in supported Windows operating systems. Among the vulnerabilities patched were weaknesses in how Windows validates Elliptic Curve Cryptography (ECC) certificates [1] and how Windows handles connection requests in the Remote Desktop Protocol (RDP) server and client. [2]

The vulnerability in ECC certificate validation affects Windows 10, Server 2016, and Server 2019. It bypasses the trust store, allowing unwanted or malicious software to masquerade as authentically signed by a trusted or trustworthy organization, which may deceive users or thwart malware detection methods like anti-virus. Additionally, a maliciously crafted certificate could be issued for a hostname that did not authorize it, and a browser that relies on Windows’ CryptoAPI would not issue a warning, allowing an attacker to decrypt, modify, or inject data on user connections without detection.

Vulnerabilities in the Windows Remote Desktop client (affecting all supported versions of Windows, including Server) and RDP Gateway Server (affecting Server 2012, 2016, 2019) allow for remote code execution, where arbitrary code could be run freely. The server vulnerabilities do not require authentication or user interaction and can be exploited by a specially crafted request. The client vulnerability can be exploited by convincing a user to connect to a malicious server.

Though the Cybersecurity and Infrastructure Security Agency (CISA) is unaware of active exploitation of these vulnerabilities, once a patch has been publicly released, the underlying vulnerabilities can be reverse engineered to create an exploit. Aside from removing affected endpoints from the network, applying this patch is the only known technical mitigation to these vulnerabilities.

CISA has determined that these vulnerabilities pose an unacceptable risk to the Federal enterprise and require an immediate and emergency action. This determination is based on the likelihood of the vulnerabilities being weaponized, combined with the widespread use of the affected software across the Executive Branch and high potential for a compromise of integrity and confidentiality of agency information.
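Added example, not from the thread or from CISA: a PowerShell triage script that maps the affected-version matrix quoted above onto the local host (ECC flaw on Windows 10 / Server 2016 / 2019, RDP client on every version, RD Gateway only on Server 2012+ with the gateway role) and reports whether the January 2020 update is installed. The KB number is not given on the page, so $JanuaryUpdateKB is a placeholder you must replace with the cumulative update id for the host's build.

```powershell
# Assumption: replace with the real January 2020 cumulative update KB for this build.
$JanuaryUpdateKB = 'KB<PLACEHOLDER>'

$os       = Get-CimInstance Win32_OperatingSystem
$build    = [int]$os.BuildNumber
$isServer = $os.ProductType -ne 1      # 1 = workstation, 2 = domain controller, 3 = server

# ECC certificate validation flaw: Windows 10 and Server 2016/2019, i.e. build 10240 and later.
# Windows 8.1 / Server 2012 R2 (build 9600) and older are not listed as affected.
$eccAffected = $build -ge 10240

# RDP client flaw: every supported Windows version, client and server alike.
$rdpClientAffected = $true

# RD Gateway flaw: Server 2012 (build 9200) and later, only when the RDS-Gateway role is present.
$gatewayAffected = $false
if ($isServer -and $build -ge 9200) {
    $rdGateway = Get-WindowsFeature -Name RDS-Gateway -ErrorAction SilentlyContinue
    $gatewayAffected = [bool]($rdGateway -and $rdGateway.Installed)
}

# Patch check: Get-HotFix lists installed updates by KB id; missing id means not installed.
$patched = [bool](Get-HotFix -Id $JanuaryUpdateKB -ErrorAction SilentlyContinue)

[pscustomobject]@{
    Host                  = $env:COMPUTERNAME
    OS                    = $os.Caption
    Build                 = $build
    EccCertValidation     = $eccAffected
    RdpClient             = $rdpClientAffected
    RdGatewayServer       = $gatewayAffected
    JanuaryPatchInstalled = $patched
}
```

Run it with an elevated prompt on each host (Get-WindowsFeature needs the ServerManager module, present on Server SKUs); any row where an affected flag is True and JanuaryPatchInstalled is False is a host still exposed to what the directive describes.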
I wonder if you could just copy the updated crypt32.dll to a Windows XP machine to resolve the issue.