The NSA is notoriously tight-lipped. They aren’t much for sharing or holding anyone’s hand. A couple of years ago they had knowledge of a Windows bug and successfully exploited it for their own powerful hacking tool (known as EternalBlue). That is, until the tool was leaked online about 5 years later.
That history shows why it matters that they shared the following information: Windows 10 and Windows Server 2016 have a MASSIVE vulnerability.
What is the Vulnerability?
The vulnerability is specific to Microsoft’s CryptoAPI service. This service lets developers use cryptography to “sign” software and data, or to generate digital certificates. Signing is part of the authentication process: Windows checks for this signature on users’ devices.
This vulnerability is designated CVE-2020-0601.
How does this affect you?
This vulnerability allows potential exploiters to sabotage protections and then take control of a victim’s device. It affects all systems running Windows 10 in its 32- or 64-bit versions. To wax metaphoric: harmful software can get dressed up fine and fancy and bypass security by passing itself off as having a passport signed by a trusted source. But the passport is a fake, and the CryptoAPI is fooled by the fake passport and fine apparel and lets the software connect. Now, this poser can decrypt your secure data or put some of its own in your system.
What You Need To Do, NOW
You need to update all your computers and Windows Servers to the latest patch that was released today. You can do that by running an update on your Windows systems.
How We Can Help
Managed Services: We are no strangers to bug fixes, software updates, and servicing tech environments. This Windows update is routine maintenance for us here at Fibernet. Our clientele with Managed Services get updates automatically at least once a month, and this patch is just a part of the work we do for them. Let us take the headache of security vulnerabilities off your plate so you can work on more juicy projects.
Securing Your Data: Let’s say you didn’t get that Windows update installed quickly enough. A well-dressed Iranian had a signed faux passport and waltzed right in. Let’s say he wanted to plant some new seeds of distress on your server, and all of your data is wiped clean as he prepares the field. If you had a secure backup service, like what we offer through Rubrik, this wouldn’t be a big deal. Let’s shut down the possibility that you could be left vulnerable, and get you set up with a service that dresses up with terms like Security, Control, Recovery, and Protection.
Don’t put off your Windows updates! If you need help, contact us! We can help with all your security needs. To read more about the issue from Microsoft directly, see Microsoft’s advisory for CVE-2020-0601.