The US National Security Agency (NSA) issued a rare warning about a vulnerability discovered in Windows 10 at a press conference on January 14, 2020.
The exploit takes advantage of the way Windows 10 validates digital certificates, which allow software to run that is deemed legitimate by the OS.
An attacker could mimic a genuine certificate and use it to run malware, potentially installing ransomware, gaining remote access, or setting up a backdoor for spying.
Windows 10 would view the software as coming from a trusted source and allow the executable to run.
This bug affects Windows 10, Windows Server 2016, and Windows Server 2019.
Microsoft has already issued a patch (CVE-2020-0601) for this exploit via Windows Update.
The fix can also be downloaded from the Microsoft Security Response Center website.
Need Help with Windows?
For this or other issues with Windows 10, the Method IT team is here to help! Founded in Tokyo in 2004, we are a registered Microsoft Silver Partner and offer fast and friendly English-Japanese bilingual support from native speakers.
Feel free to open a support ticket below to get in touch with one of our specialists!
Follow us for news on Windows 10, Office 365, and other Microsoft solutions
- Effective teleworking, tech, and health advice for difficult times plus need-to-know IT tips and headlines for March 2020.
- A serious security vulnerability in Internet Explorer could let attackers run malicious code via a memory handling bug. A small number of cases of active …
- Shop for the latest laptops, desktops, network gear, peripherals, and software licenses in Japan with IT service addons. Plus the latest tech tips and news …
- Microsoft released an all-new, cross-platform version of the Edge browser via Windows Update and as a standalone app on January 15, 2020. Why so important? …