NSA confirms severe Windows 10 bug, Microsoft fixes


Microsoft and the NSA have confirmed the bug in Windows 10, which was described as severe. A fix is available now through Windows Update.


As expected, Microsoft has acknowledged a major flaw in the Windows 10 cryptographic library. The updates included in the January Patch Tuesday, delivered yesterday, correct this problem, which is specific to Windows 10 and Windows Server.

The flaw, tracked as CVE-2020-0601, was identified in the user-mode cryptographic library CRYPT32.DLL on Windows 10 systems. Contrary to earlier rumors, it does not affect Windows 7, for which, ironically, support also ended yesterday. Fortunately, Microsoft reported that the vulnerability was not being exploited. But now that the vulnerability is known, an attacker could exploit it. Specifically, the attack could allow malware to use a spoofed cryptographic signature to enter a system. Antivirus software could therefore identify such malware as a legitimate application, or fake banking sites could use the vulnerability to trick a user's computer into believing that it is on the user's legitimate bank site.

The NSA behind the discovery of the flaw

Microsoft has not cited the source behind the discovery of the vulnerability. According to the Washington Post, the exploit was developed by the US National Security Agency (NSA), which then reported it to Microsoft. The NSA took credit for the discovery in a security advisory released on Tuesday. According to Microsoft, the CVE-2020-0601 vulnerability only affects Windows 10. But the NSA believes it affects Windows Server 2016/2019 as well.

“Exploitation of the vulnerability allows attackers to prevent trusted network connections and deliver executable code masquerading as legitimate trusted entities,” the NSA said. “Trust validation can be impacted in HTTPS connections, for signed files and emails, and when signed executable code is launched in user mode.”

A patch in express mode

The NSA advises everyone to apply the patches delivered yesterday by Microsoft as quickly as possible to avoid any risk to their PC. “The NSA rates the vulnerability as severe and savvy cyber actors will quickly understand the underlying flaw. If it were exploited, the platforms concerned would be very vulnerable,” wrote the NSA.

“Failure to apply corrective measures exposes serious and widespread consequences. Remote operating tools will probably be available quickly and widely.” Users should make sure their Windows 10 PCs are up to date and allow Windows Update to send the patch as soon as it becomes available. Microsoft provides details on the January 2020 Windows security updates at this address: https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Jan.
