MAS warns financial sector of critical vulnerabilities in Microsoft Windows

Critical security flaws discovered in Microsoft Windows operating systems prompted the Monetary Authority of Singapore to issue an alert on Jan 15 and another one on Jan 17, 2020. PHOTO: ST FILE

SINGAPORE - Critical security flaws have been discovered in Microsoft Windows operating systems affecting millions of machines running on them, prompting the Monetary Authority of Singapore (MAS) to issue an alert on Wednesday (Jan 15) and another one on Friday (Jan 17).

"These vulnerabilities could allow malicious files or applications to bypass detection from security applications and gain control of the computer systems," said the MAS on Friday (Jan 17) in a statement.

This could lead to unauthorised financial transactions and data alterations, among other fraudulent activities.

"MAS will continue working closely with financial institutions to monitor the cybersecurity developments and ensure that IT systems in the financial sector are safeguarded and remain resilient against cyber threats," according to the MAS, urging financial institutions to install software patches which are already available.

Affected Microsoft products include Windows 10 and several versions of Windows Server from 2008 to 2019.

The Cyber Security Agency of Singapore (CSA) classified the flaws as "highly critical and require immediate prioritisation".

For instance, one of the flaws - found in Microsoft Windows 10, Windows Server 2016 and Windows Server 2019 - would enable hackers to conduct what is known as man-in-the-middle attacks, where they would intercept and steal consumers' personal information including login credentials, account details, credit card numbers. These pieces of information could be used in a variety of purposes, including identity theft for making fraudulent purchases.

CSA added that these vulnerabilities could also make some files appear that they were from trusted sources, using a fake digital signature, and could pave the way for hackers to gain control of their systems.

The National Security Agency in the United States discovered some of the vulnerabilities earlier this week and alerted Microsoft to it.

Join ST's Telegram channel and get the latest breaking news delivered to you.