At the start of January, Windows 7 reached end-of-life, leaving customers with no choice but to update their NVR appliance operating system to Windows 10 or sit in a state of constant vulnerability with no future software or security updates. The upgrade process is not only complex, but it also leaves customers at risk of losing their existing data.
While moving to Windows 10 seemed like a necessary and hopefully safe choice for most, it turns out, the operating system has a huge vulnerability of its own.
Windows CryptoAPI Spoofing
The vulnerability, known as CVE-2020-0601, allows an attacker to spoof (otherwise trick) an operating system into thinking it is a valid certificate, whereas the certificate can include malicious software such as malware. Unfortunately for users, the vulnerability is difficult to catch, as the attacker can successfully manipulate the certificate to appear as trusted.
From the National Security Agency:
“The vulnerability places Windows endpoints at risk to a broad range of exploitation vectors. NSA assesses the vulnerability to be severe and that sophisticated cyber actors will understand the underlying flaw very quickly and, if exploited, would render the previously mentioned platforms as fundamentally vulnerable. The consequences of not patching the vulnerability are severe and widespread. Remote exploitation tools will likely be made quickly and widely available. Rapid adoption of the patch is the only known mitigation at this time and should be the primary focus for all network owners.”
What Can an Attacker Do?
Once an attacker has gained certified access to your machine, whether it be a PC or NVR appliance, they have access to your network and anything that sits on it. This includes other devices where they could further spread malware, as well as personal, confidential information that can be shared. This type of situation gets many organizations in trouble, as they have now exploited their employees and customers to an external threat.
Next Steps for Affected Users
If you are running an affected Windows NVR appliance, which is virtually all Windows machines, it is highly recommended that you install Microsoft’s security patch to prevent any future attacks.
However, this isn’t the first time a Windows system has been affected by a major vulnerability, and it certainly won’t be the last. If your video security currently runs on a Windows operating system and is connected to your greater network infrastructure, you may want to also consider other options to protect your organization better. With Verkada, customers benefit from a closed system running on Verkada's own firmware, provides automatic software updates, and encrypts all data both in transit and at rest.
To learn more about Verkada, contact [email protected].