MAS warns financial institutions of vulnerabilities in MS Windows

THE Monetary Authority of Singapore (MAS) has alerted financial institutions to critical vulnerabilities in the Microsoft Windows Operating System that could allow malicious files or applications to bypass detection and gain control of computer systems.

Affected financial institutions are advised to install security updates released by Microsoft on Jan 15, 2020, that address 49 vulnerabilities. Four of the vulnerabilities are highly critical and need immediate attention, according to the Cyber Security Agency of Singapore (CSA).

MAS issued an advisory on Jan 15 and informed financial institutions using the affected Windows Operating Systems to immediately install the relevant patches. It also advised financial institutions to take mitigating measures to prevent the vulnerabilities from being exploited.

CSA said one of the highly critical vulnerabilities could allow attackers to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software. A man-in-the-middle attack occurs when an unauthorised entity intercepts the communications between two systems.

The other three could allow attackers to perform remote code execution and take control of the affected systems to perform malicious activities. These include unauthorised installation of programmes, the creation of rogue administrator accounts and the viewing, changing or deleting of data.

More details of the vulnerabilities and affected products can be found in CSA's advisory.