Updated the "Are there any further actions I need to take to be protected from this vulnerability?" FAQ as follows: 1. Added a reminder to customers that The DisableCapiOverrideForRSA registry key will be removed in April 2026. 2. Added an update that states: The October 14, 2025, Windows updates addressing CVE-2024-30098 revealed issues in applications where the code does not correctly identify which provider is managing the key for certificates propagated from a smart card to the certificate store. This misidentification can cause cryptographic operations to fail in certain scenarios. Please see [Guidance for certificate handling for Smart Card propagated certificates](http://support.microsoft.com/kb/5073121) for guidance for application developers on how to detect the correct handler and resolve these issues. These are informational changes only.
Source: https://msrc.microsoft.com/update-guide ... 2024-30098
CVE-2024-30098 Windows Cryptographic Services Security Feature Bypass Vulnerability
Who is online
Users browsing this forum: No registered users and 1 guest