Page Loader Logo
Loading...
833-847-3280
Schedule a Call
Partner With Us

NSA Discovered Critical Vulnerabilities in Microsoft’s Windows Operating System

Microsoft released a set of patches for the serious flaws in the different versions of Windows after the National Security Agency (NSA) discovered and reported critical vulnerabilities in Microsoft’s Windows Operating System.

Vulnerabilities in Microsoft’s Windows Operating System: What Happened

On Tuesday, January 14, Microsoft released a new patch for Windows 10 and Server 2016 after the National Security Agency (NSA) discovered the vulnerabilities.

One of the vulnerabilities, CVE-2020-0601 is critical, and the patch should be applied immediately.

The “CVE” in the label stands for Common Vulnerabilities and Exposures, which is a list of known vulnerabilities with a descriptive label or identification number, as well as a description of the vulnerability.  This is often what vulnerability scanning software uses to determine if a system has any vulnerabilities.

The CVE-2020-0601 vulnerability can be exploited to undermine Public Key Infrastructure (PKI) trust.  Attackers can create a forged certificate to spoof trusted agencies such as web sites, software companies, service providers, etc.

Vulnerabilities in Microsoft’s Windows Operating System: What it Means

Essentially, an unpatched system would have a hard time determining the legitimacy of software or establishing secure web connections.  Then attackers could remotely distribute malware or intercept sensitive data.  This signed malware could bypass normal protections, such as antivirus, that only run applications with valid signatures, because it appears valid to the unpatched system.

Windows 10 is the most-used operating system and is installed on more than 900 million PCs.

But Wait … There’s More

Another set of vulnerabilities discovered, CVE-2020-0609, CVE-2020-0610, and CVE-2020-0611, affect Windows Servers 2012 and newer.  Additionally, CVE-2020-0611 affects Windows 7 and newer.  This set of vulnerabilities affect the Windows Remote Desktop Client and RD Gateway Server, which allows for remote code execution where arbitrary code could be run freely.  The server vulnerabilities do not require authentication or user interaction. The client vulnerability would enable a user to connect to a malicious server.

Critical vulnerabilities in Microsoft’s Windows Operating System is a big issue. These vulnerabilities can have a severe impact on end users.  There can be disruptions in day-to-day business, temporary or permanent loss of sensitive data, and potential harm to an organization’s reputation.  All of these can lead to financial losses related to restoring files and systems and dealing with possible breach notifications and actions.

Take Action

The best course of action is to check for available updates immediately and install them.  If you have a notification that updates are needing to be installed and your system needs to restart, restart the computer.  Don’t wait until the end of the day or the end of the work week.

To see if you currently have any of these vulnerabilities and more, contact us today.  We can run a quick vulnerability scan or we can conduct a penetration test and see if there is anything we can exploit, with your permission.

Latest Posts

A transparent image used for creating empty spaces in columns
Welcome to today’s briefing on a crucial topic in the realm of cybersecurity: internal network penetration testing. Now, I know that the term might sound a bit intimidating but fear not. By the end of this discussion, you’ll have a solid understanding of what it…
A transparent image used for creating empty spaces in columns
 In the world of cybersecurity, there’s a misconception that a clean pen testing report means something was missed or the test wasn’t thorough enough. But here’s the truth: receiving a clean report from your penetration test is not only a positive outcome—it’s a testament…
A transparent image used for creating empty spaces in columns
Hey there, folks! Let’s get one thing straight: when MainNerve talks about penetration testing, we’re diving deep into the world of cybersecurity. But hey, we know what people think when we say “penetration testing.” So, buckle up because we’re about to compare pen testing to…
A transparent image used for creating empty spaces in columns
 In the fast-paced world of managed IT services, we know that time is money. Your clients rely on you to keep their systems secure, and you need partners who can deliver top-notch services without slowing you down. If you’re a Managed Service Provider (MSP)…
A transparent image used for creating empty spaces in columns
The primary purpose of performing a penetration test is to simulate real-world attacks on a computer system, network, or application. This is done by skilled cybersecurity professionals, who are tasked with identifying vulnerabilities and weaknesses that malicious actors could exploit. Their role is crucial in…
A transparent image used for creating empty spaces in columns
 If your business relies on older technology, you’ll want to listen up. We’re highlighting a critical weakness in many organizations’ defenses: legacy systems. What Are Legacy Systems? Legacy systems are outdated technologies that are no longer supported with updates or patches from their creators.…
contact

Our Team

Name(Required)
This field is for validation purposes and should be left unchanged.
quick links to

Our Services

On Load
Where? .serviceMM
What? Mega Menu: Services
201 E Pikes Peak Ave Suite 2025
Colorado Springs, CO 80903