Serious Security Alert: Update Windows
Just keeping everyone informed as much as possible, especially when it’s a really bad thing happening.
So they say that good and bad things come in 3s and we are defiantly facing the bad at this moment in time when it comes to cyber security. This is now the third incident in the last five days between Firefox, Citrix and now Windows. It was announced yesterday that there was a Critical flaw in Windows that has been identified. A spoofing vulnerability exists in the way that a file called Crypt32.dll (Windows CryptoAPI) validates these ECC certificates.
From Microsoft –
“An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. The user would have no way of knowing the file was malicious because the digital signature would appear to be from a trusted provider.
A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software.”
It’s been announced that there will be a patch released last night. We here at Net X IT Solutions advise that you look into installing this patch as soon as possible, today if possible and keep paying attention to any news about this issue whether it’s from us or another source. Below are a couple of links that can give you some more detail into this vulnerability.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601
Thank you to everyone who has messaged us over the last week. We try not to be Chicken Little “the sky is falling” so we only try to bring up the most critical issues and it’s warming to be told that everyone is finding these useful.
Have a Great Day 🙂
Steven Stratton – Net X It Solutions
