Microsoft has released an urgent patch for Windows after the US National Security Agency (NSA) discovered a critical operating system error.
As part of the regular Tuesday patch, the company released a fix for CVE-2020-0601 vulnerability, and the NSA says that anyone running Windows 10, Windows Server 2016, or Windows Server 2019 will be "strongly encouraged" to apply the patch to install.
This is the first time that the NSA has given public recognition to a software discovery vulnerability, and the agency has notified Microsoft so that it can work on a fix. It is not believed that the vulnerability has already been exploited. However, since the details are not known, all available updates must be installed to ensure the security of Windows.
The problem is in the Windows CryptoAPI (Crypt32.dll) and could allow an attacker to use fake security certificates to install malware under the guise of valid software. Experts warn that the vulnerability could also be used to attack networks.
In a tweet, the NSA advised Windows users of the error and asked them to install the patch:
On this #PatchTuesday it is strongly recommended to implement the recently released patch CVE-2020-0601patch immediately. https://t.co/czVrSdMwCR pic.twitter.com/log6OU93cV[19459009lightboxesJanuary142020[19659007[Getpatched
Obviously, neither the NSA nor Microsoft are willing to disclose too much detail about the vulnerability. It takes time for users to install patches and updates, especially at the corporate level, so understandably there is a fear that attackers might try to exploit unpatched systems. The NSA acknowledges that "experienced cyber actors will understand the underlying error very quickly," and rates the vulnerability as serious as possible to effectively mitigate the vulnerability on all Windows 10 and Windows Server 2016/2019 systems ". Businesses and organizations with a large number of computers should focus on patching the most vulnerable systems on the front.
There's no time to waste, so check for updates immediately so you have the latest Patches installed, you can do this on the Microsoft website or by clicking the Start button and navigating to Settings> Update and Security> Windows Update.