Hundreds of millions of Windows 10 users are having an important patch rolled out to their computers today after Microsoft was warned by the NSA of a serious security hole in the operating system.
The fix comes as part of “Patch Tuesday”, Microsoft’s regular bundle of patches issued on the second Tuesday of every month, and addresses a dangerous vulnerability – dubbed unglamorously CVE-2020-0601 – in a component of Windows called CryptoAPI:
An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider.
A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software.
The good news is that Microsoft says it has not seen any evidence that CVE-2020-0601 has been actively exploited by attackers.
However, it’s clear from public statements from the NSA that the update should be applied to vulnerable systems as a matter of priority.
This #PatchTuesday you are strongly encouraged to implement the recently released CVE-2020-0601 patch immediately. https://t.co/czVrSdMwCR