Post by account_disabled on Feb 25, 2024 7:01:44 GMT
After announcing the end of support for Windows 7, Microsoft has recently faced a problem related to Windows 10 and Windows Server 2016 and 2019. The NSA (National Security Agency), the US government's national security agency, has detected a serious security vulnerability, called CVE-2020-0601, which affects a component known as CryptoAPI.

What is the Windows vulnerability?

Among the features of CryptoAPI, the use of digital signatures stands out.
The vulnerability, in fact, concerns the way in which Microsoft uses digital signatures to verify that software is authentic: the flaw could facilitate the falsification of legitimate software and the deployment of remote code execution attacks. This security flaw could expose various confidential information such as login credentials, documents and sensitive data to attackers. As the Redmond company explains, a spoofing vulnerability exists in the way the CryptoAPI component (crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by assigning a certificate to malicious code, making the file appear to be created by a legitimate source.
The user would thus have no way of knowing its dangerous nature, since the digital signature would appear to be attributed to a reliable provider. For this reason it is essential to download the update as soon as possible; Microsoft released it very shortly after the NSA report.

What did the NSA learn?

The story demonstrates how the NSA has certainly learned from its past mistakes. We remember when, about 2 years ago, the government agency cracked a vulnerability discovered in Windows and developed the EternalBlue exploit, used for surveillance purposes. The situation became public knowledge and a hacker managed to illegally spread EternalBlue, infecting thousands of computers with the WannaCry ransomware, one of the most well-known ever, causing millions of dollars in damage.

Download the security update

Both Microsoft and the NSA say they have found no evidence of the vulnerability being exploited by attackers, and urge people to immediately install the security patch, which affects Windows 10, Windows Server 2016 and Windows Server 2019.