The NSA found a dangerous flaw in Windows and told Microsoft to fix it
16 Jan 2020 — #GroupThink
You need to update your Windows machine right now. The National Security Agency discovered a major flaw in Microsoft Windows that would have allowed hackers to compromise the newest versions of Windows 10, an operating system used by nearly one billion devices.
Scheduled as part Microsoft’s regular distribution of patches issued on the second Tuesday of every month, the security fix mitigates a critical vulnerability in the Windows programming interface, CryptoAPI.
A description of the vulnerability was posted by Microsoft in a security advisory titled, CVE-2020-0601 Windows CryptoAPI Spoofing Vulnerability:
An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider.
A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software.
Thank you for being incompetent. Because of you, I'm forced to install your shitty useless updates.— 🔪Just Sarah🔫 (@SarahTheVamphog) January 16, 2020
Thanks again Microsoft. https://t.co/F1MjeGzOd4