833-847-3280
Schedule a Call

NSA Discovered Critical Vulnerabilities in Microsoft’s Windows Operating System

Microsoft released a set of patches for the serious flaws in the different versions of Windows after the National Security Agency (NSA) discovered and reported critical vulnerabilities in Microsoft’s Windows Operating System.

Vulnerabilities in Microsoft’s Windows Operating System: What Happened

On Tuesday, January 14, Microsoft released a new patch for Windows 10 and Server 2016 after the National Security Agency (NSA) discovered the vulnerabilities.

One of the vulnerabilities, CVE-2020-0601 is critical, and the patch should be applied immediately.

The “CVE” in the label stands for Common Vulnerabilities and Exposures, which is a list of known vulnerabilities with a descriptive label or identification number, as well as a description of the vulnerability.  This is often what vulnerability scanning software uses to determine if a system has any vulnerabilities.

The CVE-2020-0601 vulnerability can be exploited to undermine Public Key Infrastructure (PKI) trust.  Attackers can create a forged certificate to spoof trusted agencies such as web sites, software companies, service providers, etc.

Vulnerabilities in Microsoft’s Windows Operating System: What it Means

Essentially, an unpatched system would have a hard time determining the legitimacy of software or establishing secure web connections.  Then attackers could remotely distribute malware or intercept sensitive data.  This signed malware could bypass normal protections, such as antivirus, that only run applications with valid signatures, because it appears valid to the unpatched system.

Windows 10 is the most-used operating system and is installed on more than 900 million PCs.

But Wait … There’s More

Another set of vulnerabilities discovered, CVE-2020-0609, CVE-2020-0610, and CVE-2020-0611, affect Windows Servers 2012 and newer.  Additionally, CVE-2020-0611 affects Windows 7 and newer.  This set of vulnerabilities affect the Windows Remote Desktop Client and RD Gateway Server, which allows for remote code execution where arbitrary code could be run freely.  The server vulnerabilities do not require authentication or user interaction. The client vulnerability would enable a user to connect to a malicious server.

Critical vulnerabilities in Microsoft’s Windows Operating System is a big issue. These vulnerabilities can have a severe impact on end users.  There can be disruptions in day-to-day business, temporary or permanent loss of sensitive data, and potential harm to an organization’s reputation.  All of these can lead to financial losses related to restoring files and systems and dealing with possible breach notifications and actions.

Take Action

The best course of action is to check for available updates immediately and install them.  If you have a notification that updates are needing to be installed and your system needs to restart, restart the computer.  Don’t wait until the end of the day or the end of the work week.

To see if you currently have any of these vulnerabilities and more, contact us today.  We can run a quick vulnerability scan or we can conduct a penetration test and see if there is anything we can exploit, with your permission.

Latest Posts

A transparent image used for creating empty spaces in columns
As cyber threats grow more complex and persistent, regulatory frameworks like PCI DSS 4.0 have evolved to demand more rigorous and transparent security practices. One of the key updates in PCI DSS 4.0 is the enhanced requirement for penetration testing reports, pushing organizations to go…
A transparent image used for creating empty spaces in columns
A penetration test, also known as a pen test, is a crucial cybersecurity measure that enables organizations to identify vulnerabilities in their networks, applications, and security controls. However, the real value of a penetration test lies in how well an organization can interpret the findings…
A transparent image used for creating empty spaces in columns
The release of PCI DSS 4.0 introduces significant enhancements to the security landscape, particularly in the area of security controls and penetration testing. While penetration testing has always been a critical component in identifying vulnerabilities within a network or system, the updated PCI DSS standards…
A transparent image used for creating empty spaces in columns
Social engineering attacks remain one of the most effective ways cybercriminals gain access to sensitive information, systems, and financial assets. Phishing, pretexting, baiting, and other manipulative tactics exploit human psychology, making it difficult to defend against using technical measures alone. Organizations often use social engineering…
A transparent image used for creating empty spaces in columns
 With the release of PCI DSS 4.0, penetration testing requirements have evolved to enforce a layered approach to security. This update ensures that organizations assess vulnerabilities at both the network and application layers, creating a more comprehensive security posture to protect payment card data.…
A transparent image used for creating empty spaces in columns
Web applications are at the core of digital business operations, making them a prime target for cybercriminals. A successful attack on a vulnerable web application can lead to data breaches, financial losses, reputational damage, and compliance violations. To safeguard against these risks, organizations must conduct…
contact

Our Team

Name(Required)
This field is for validation purposes and should be left unchanged.
On Load
Where? .serviceMM
What? Mega Menu: Services