The US National Security Agency (NSA) issued a rare warning about a vulnerability discovered in Windows 10 at a press conference on January 14, 2020.
The exploit takes advantage of the way Windows 10 validates digital certificates, which allow software to run that is deemed legitimate by the OS.
An attacker could mimic a genuine certificate and use it to run malware, potentially installing ransomware, gaining remote access, or setting up a backdoor for spying.
Windows 10 would view the software as coming from a trusted source and allow the executable to run.
This bug affects Windows 10, Windows Server 2016, and Windows Server 2019.
Microsoft has already issued a patch (CVE-2020-0601) for this exploit via Windows Update.
The fix can also be downloaded from the Microsoft Security Response Center website.
Need Help with Windows?
For this or other issues with Windows 10, the Method IT team is here to help! Founded in Tokyo in 2004, we are a registered Microsoft Partner and offer fast and friendly English-Japanese bilingual support from native speakers.
Feel free to open a support ticket below to get in touch with one of our specialists!
Follow us for news on Windows 10, Office 365, and other Microsoft solutions
- On October 1st, 2020 Microsoft unveiled the new Surface Laptop Go, offering premium Surface design at an exceptional value, along with some exciting new accessories …
- As more and more of us look set to work remotely for the long term, we all need a group chat platform that is reliable, …
- Effective teleworking, tech, and health advice for difficult times plus need-to-know IT tips and headlines for March 2020.
- A serious security vulnerability in Internet Explorer could let attackers run malicious code via a memory handling bug. A small number of cases of active …