Office

Confirmed a security flaw in windows 10 and windows server 2016 discovered by the nsa

2024
Confirmed a security flaw in windows 10 and windows server 2016 discovered by the nsa

Table of contents:

Anonim

Yesterday began rumors that a serious security flaw had been discovered in Windows 10, which affected all its versions, in addition to Windows Server 2016. It is a failure that the NSA, the National Security Agency of The United States has discovered. After informing Microsoft about the presence of said failure, the company has already confirmed it.

Confirmed a security flaw in Windows 10 and Windows Server 2016 discovered by the NSA

The company acknowledges the existence of the failure and asks users to update any of the patches that have already been released as soon as possible as a correction of this serious error.

Failure in handling certificates and encrypted messaging

This security flaw in Windows 10 is a phishing vulnerability that affects Windows CryptoAPI (Crypt32.dll). This makes it possible to validate elliptic curve cryptographic certificates (ECC). So an attacker could falsify digital signatures, posing as malware posing as a legitimate application on the computer.

Since it would be using a false code signing certificate with which to sign a malicious executable. The file is made to appear to be secure and to have a trusted source, although it is not. Also, the user has no way of knowing if the file is malicious, because the digital signature makes it appear that it comes from a trusted site.

Due to this error, the attacker could even decrypt confidential information about the connections. It is something that could affect almost any application in Windows 10, including sensitive browser data, among others. Microsoft has said that so far there are no records that this bug has been exploited, although it is a serious security issue.

For Windows 10 users, several patches are released, ending this problem. This is update CVE-2020-0601, available on the operating system itself or on Microsoft's security website. So the recommendation is to update as soon as possible and thus be protected against this serious security flaw in the operating system.

The Hacker News Font

Discovered a serious flaw in a Windows execution code

Discovered a serious flaw in a Windows execution code

Discovered a serious flaw in a Windows execution code. Researchers at Google Project Zero discover a serious flaw.

Security flaw discovered in the co

Security flaw discovered in the co

We are still not recovering from what is happening with Specter and Meltdown, as a new vulnerability is discovered that is now affecting AMD processors with 'AMD Secure'.

Serious security flaw discovered in wd's my cloud nas drives

Serious security flaw discovered in wd's my cloud nas drives

It turns out that this security flaw in devices with My Cloud NAS allows anyone to log in to the device with username mydlinkBRionyg and password abc12345cba.

Office

Editor's choice

Is HTC losing interest in Windows Phone?

Is HTC losing interest in Windows Phone?

2024
Samsung Ativ Q

Samsung Ativ Q

2024
Images of what could be the new Nokia Lumia EOS

Images of what could be the new Nokia Lumia EOS

2024
Build 2013 devices: waiting for manufacturers

Build 2013 devices: waiting for manufacturers

2024
Back to top button