Patch Critical Cryptographic Vulnerability in Microsoft Windows Clients and Servers

We have already sent our clients emails about their servers and if you are managing with us we have already started updating the servers. Give us a call if you have any questions.

NSA has discovered a critical vulnerability (CVE-2020-0601) affecting Microsoft Windows®1cryptographic functionality. The certificate validation vulnerability allows an attacker to undermine how Windows verifies cryptographic trust and can enable remote code execution. The vulnerability affects Windows 10 and Windows Server 2016/2019 as well as applications that rely on Windows for trust functionality. Exploitation of the vulnerability allows attackers to defeat trusted network connections and deliver executable code while appearing as legitimately trusted entities. Examples, where validation of trust may be impacted, include:

  • HTTPS connections
  • Signed files and emails
  • Signed executable code launched as user-mode processes

The vulnerability places Windows endpoints at risk to a broad range of exploitation vectors. NSA assesses the vulnerability to be severe and that sophisticated cyber actors will understand the underlying flaw very quickly and, if exploited, would render the previously mentioned platforms as fundamentally vulnerable. The consequences of not patching the vulnerability are severe and widespread. Remote exploitation tools will likely be made quickly and widely available. The rapid adoption of the patch is the only known mitigation at this time and should be the primary focus for all network owners.

NSA : https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF

(Visited 24 times, 1 visits today)

Leave A Comment

Your email address will not be published. Required fields are marked *