PSA: The NSA says PATCH your Windows machines
It’s not often that the NSA feels so compelled about a 3rd party patch that it makes an official announcement on it’s website for the public to take action. Microsoft released a series of patches on Tuesday (Patch Tuesday) and one of the patches addresses CVE-2020-0601. This according to the NSA is a serious vulnerability because it can make malware seem legitimate to the Windows Operating System. So defender and other malware/antivirus software will not flag it as a threat. Bad actors can also use the exploit to craft PKI certificates to spoof websites and other trusted entities to leverage the trust and compromise the systems.
The NSA is urging all enterprises to fully patch their Windows 10 and Server 2016 machines.
NSA contributed to addressing this problem by discovering and characterizing the vulnerability, and then sharing with Microsoft quickly and responsibly. The company has provided the solution, and now all of us need to adopt it.
It seems like the past few days I’ve had to make a post related to security. This is not at all a security blog and I’d s uggest you do your own research to stay protected but figured I would also do my part to help get the message out since these are systems we all use everyday.
If you are a normal user, make sure you have Windows Update enabled so that these patches will be automatically installed for you.
Stay Safe out there!