An attacker could exploit this vulnerability to deliver
malicious code that appears to be from a trusted entity. Once a system has been
exploited, attackers can further cause harm by decrypting confidential
information from user connections to the impacted software as well as launch
man-in-the middle attacks. Examples where validation of trust may be impacted
Signed files and emails
Signed executable code launched as user-mode
Additionally, attackers may be able to spoof x.509 certificate chains that could allow for the interception and modification of TLS-encrypted communications, spoofing websites or spoofing authenticode signatures.
The following platforms are affected:
Windows Server 2016
Windows Server 2019
The University Technology Information Security Office
strongly recommends that impacted systems are patched with the security update
as soon as possible.