Exploit Released for Critical Windows CryptoAPI Spoofing Bug

It is highly recommended to install security patches on all Windows systems in an environment, particularly any that are exposed to the Internet. As vulnerabilities are discovered, maintaining a consistent patching cycle for devices can help reduce the attack surface and prevent an environment from being breached. Threat actors are known to keep exploiting vulnerabilities months after a fix is released, because patching is inconsistent across many systems around the world.

It is also recommended to run Akamai’s OSQuery query, or an equivalent tool, across all systems to determine which may be impacted by the vulnerability. Where a tool like OSQuery is not available, checking the version number of the crypt32.dll file can help determine whether a device is vulnerable.

Finally, developers who create applications using this Windows API are advised to use other Windows-based APIs to double-check the validity of a certificate before using it. One potential API to use is CertVerifyCertificateChainPolicy, a Windows API that checks a certificate chain to verify its validity. This additional step can help protect an application against this vulnerability, and potentially against other certificate spoofing vulnerabilities.
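For the crypt32.dll version check recommended above, the following PowerShell script is an added example, not code from Akamai or the linked articles. The parameter names are hypothetical, the patched version is not given on this page and must be supplied by the operator from Microsoft's update guidance, and a single baseline is only meaningful for hosts on the same Windows build; remote hosts are assumed to have PowerShell remoting enabled.

```powershell
# Added example: inventory crypt32.dll versions and compare them to a baseline.
# -MinimumPatchedVersion has no default on purpose: the fixed file version
# differs per Windows build and must come from Microsoft's update guidance.
param(
    [string[]]$ComputerName = @($env:COMPUTERNAME),
    [Parameter(Mandatory)][version]$MinimumPatchedVersion
)

# Runs on each target and returns the on-disk version of crypt32.dll.
$getVersion = {
    $path = Join-Path $env:SystemRoot 'System32\crypt32.dll'
    $info = (Get-Item -LiteralPath $path -ErrorAction Stop).VersionInfo
    # Use the numeric parts: the FileVersion string can carry trailing text
    # such as "(WinBuild...)" that a [version] cast cannot parse.
    [pscustomobject]@{
        FileVersion = '{0}.{1}.{2}.{3}' -f $info.FileMajorPart, $info.FileMinorPart,
                                           $info.FileBuildPart, $info.FilePrivatePart
        OSBuild     = [System.Environment]::OSVersion.Version.ToString()
    }
}

$results = foreach ($computer in $ComputerName) {
    try {
        $r = if ($computer -eq $env:COMPUTERNAME) {
            & $getVersion
        } else {
            Invoke-Command -ComputerName $computer -ScriptBlock $getVersion -ErrorAction Stop
        }
        $status = if ([version]$r.FileVersion -ge $MinimumPatchedVersion) {
            'AtOrAboveBaseline'
        } else {
            'BelowBaseline'
        }
        [pscustomobject]@{
            Computer = $computer; OSBuild = $r.OSBuild
            Crypt32Version = $r.FileVersion; Status = $status; Error = $null
        }
    } catch {
        # Unreachable or access-denied hosts are reported, never silently skipped.
        [pscustomobject]@{
            Computer = $computer; OSBuild = $null
            Crypt32Version = $null; Status = 'Unknown'; Error = $_.Exception.Message
        }
    }
}

$results | Sort-Object Status, Computer | Format-Table -AutoSize
```

Hosts reported as `Unknown` should be treated as unverified rather than patched, and the `OSBuild` column helps group hosts so each group is compared against the baseline for its own build.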

https://www.bleepingcomputer.com/news/security/exploit-released-for-critical-windows-cryptoapi-spoofing-bug/

https://www.akamai.com/blog/security-research/exploiting-critical-spoofing-vulnerability-microsoft-cryptoapi