Last week, Microsoft released a security update to fix what it called “a broad cryptographic vulnerability” in the Windows operating system. The bug was discovered and reported to Microsoft by the US National Security Agency (NSA). We are sending this advisory to make you aware of the issue and to strongly encourage you to apply the update: if you run an affected version of Windows, patch as soon as possible.
According to Microsoft, an attacker could exploit this bug “to sign a malicious executable, making it appear the file was from a trusted, legitimate source.”
The bug could also be used to forge the digital certificates that protect encrypted connections such as HTTPS, so an affected machine could be tricked into trusting an attacker’s server.
“A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software,” Microsoft said.
This vulnerability impacts Windows 10, Windows Server 2019, and Windows Server 2016. Earlier versions (Windows 7, Windows 8.1, Windows Server 2008 and 2012) are not affected, because the vulnerable code is only present in the Windows 10 code base.
What you should do:
Install the January 2020 Windows security update on every affected system, and enable automatic updates so that future fixes arrive without manual intervention. Microsoft rates this vulnerability as “Important” in its advisory, but because it undermines certificate trust for the whole operating system, treat it as critical and apply it with urgency. Once the update is installed, Windows also logs an event in the Application log (source “Microsoft-Windows-Audit-CVE”, Event ID 1) whenever it rejects a certificate that attempts to exploit this bug, which gives you a way to detect attempts against patched hosts.
Details:
The vulnerability, tracked as CVE-2020-0601, impacts the Windows CryptoAPI (Crypt32.dll), a core component of the Windows operating system that validates certificates and performs other cryptographic operations on behalf of applications, including Internet Explorer, Edge and Windows code-signing checks.
According to the security advisory published on Tuesday, “a spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.” In practice, CryptoAPI matched a certificate’s ECC public key against its cache of trusted root certificates without verifying that the curve parameters carried in the certificate (in particular the generator point) were the same as the root’s. An attacker can therefore choose a private key and a custom generator that reproduce a trusted root’s public key, and anything signed with that key is accepted as if it came from the real root.
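The following PowerShell script is an added example for checking whether a host has the fix described above; it is not part of this advisory or of Microsoft’s guidance. It compares the installed crypt32.dll file version with the versions I believe shipped in the January 2020 update for the listed builds (these minimums are an assumption and should be confirmed against Microsoft’s advisory for your build), falls back to Get-HotFix for builds not in the table using a KB list you supply, and then looks for the Audit-CVE events that a patched system writes when it rejects a spoofed certificate.

```powershell
# Added example (not from the Microsoft advisory): check whether this Windows host has the
# CVE-2020-0601 fix for Crypt32.dll and list any detections logged since it was applied.
# Assumptions, to be verified against Microsoft's advisory for your build:
#   - $MinimumCrypt32Build holds the crypt32.dll versions I believe shipped with the
#     January 2020 update; builds not listed fall back to the KB check.
#   - $KnownKBs is left for you to fill in from the advisory (e.g. -KnownKBs 'KB...').
#   - Patched systems log Event ID 1, provider "Microsoft-Windows-Audit-CVE", to the
#     Application log when they reject a certificate that tries to exploit this bug.

param(
    [string[]]$KnownKBs = @()
)

# OS build number -> minimum crypt32.dll file version (assumed; confirm before relying on it)
$MinimumCrypt32Build = @{
    18363 = [version]'10.0.18362.592'   # Windows 10 1909 (shares 18362.x binaries with 1903)
    18362 = [version]'10.0.18362.592'   # Windows 10 1903
    17763 = [version]'10.0.17763.973'   # Windows 10 1809 / Windows Server 2019
    14393 = [version]'10.0.14393.3443'  # Windows 10 1607 / Windows Server 2016
}

function Get-Crypt32Version {
    # Build a [version] from the four numeric parts so the comparison is numeric, not string-based.
    $vi = (Get-Item "$env:SystemRoot\System32\crypt32.dll").VersionInfo
    [version]::new($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
}

function Get-OSBuildNumber {
    # The registry value is authoritative even when a process runs under a compatibility shim.
    [int](Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').CurrentBuild
}

function Test-Cve20200601Patched {
    $osBuild = Get-OSBuildNumber
    $current = Get-Crypt32Version
    $result = [ordered]@{
        OSBuild        = $osBuild
        Crypt32Version = $current
        Verdict        = 'Unknown'
        Reason         = ''
    }

    if ($osBuild -lt 10240) {
        # Windows 7 / 8.1 and Server 2008 / 2012 do not contain the vulnerable code path.
        $result.Verdict = 'NotAffected'
        $result.Reason  = 'Pre-Windows 10 build'
        return [pscustomobject]$result
    }

    if ($MinimumCrypt32Build.ContainsKey($osBuild)) {
        $minimum = $MinimumCrypt32Build[$osBuild]
        if ($current -ge $minimum) {
            $result.Verdict = 'Patched'
            $result.Reason  = "crypt32.dll $current >= $minimum"
        } else {
            $result.Verdict = 'Vulnerable'
            $result.Reason  = "crypt32.dll $current < $minimum"
        }
        return [pscustomobject]$result
    }

    # Fallback for builds not in the table: look for the update by KB number.
    if ($KnownKBs.Count -gt 0) {
        $installed = Get-HotFix | Where-Object { $KnownKBs -contains $_.HotFixID }
        if ($installed) {
            $result.Verdict = 'Patched'
            $result.Reason  = "Installed: $($installed.HotFixID -join ', ')"
        } else {
            $result.Verdict = 'Vulnerable'
            $result.Reason  = "None of $($KnownKBs -join ', ') installed"
        }
    } else {
        $result.Reason = "Build $osBuild not in table and no KB list supplied"
    }
    [pscustomobject]$result
}

function Get-CurveBallDetections {
    # Only a patched host writes these events; on an unpatched host the provider may not exist.
    try {
        Get-WinEvent -FilterHashtable @{
            LogName      = 'Application'
            ProviderName = 'Microsoft-Windows-Audit-CVE'
            Id           = 1
        } -ErrorAction Stop |
            Where-Object { $_.Message -match 'CVE-2020-0601' } |
            Select-Object TimeCreated, Message
    } catch {
        # Get-WinEvent throws when no matching events exist, which is the normal, quiet case.
        @()
    }
}

Test-Cve20200601Patched | Format-List
Get-CurveBallDetections | Format-Table -AutoSize -Wrap
```

Run it from an elevated PowerShell prompt (reading the Application log and Get-HotFix both work better with administrative rights). A verdict of Vulnerable means install the update immediately; any rows returned by Get-CurveBallDetections indicate that something on that host presented a spoofed ECC certificate after the patch was applied and should be investigated.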
If you aren’t sure whether your computer is patched or not, please Contact Us and we’ll make sure you’re secure.