A US intelligence agency, the NSA, has confirmed the existence of a major threat that allows hackers to exploit Windows 10 users by spoofing its trust certificates, paving the way for malware and ransomware. Here's what you need to know.
If you’re a Windows user, all Patch Wednesdays should be important, save for those instances where Microsoft borks a patch and actually makes your Windows system worse than it was previously. Getting the latest feature and security updates for your system—mostly the latter—should be something you look forward to each month. But today’s Patch Wednesday is even more important than most.
The NSA confirmed the threat, called CVE-2020-0601, to The Washington Post and said it had alerted Microsoft to its existence. Microsoft has since admitted, on 14 January, that it was aware of the threat and has issued a critical security patch.
"An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source," Microsoft said in a post. "The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider."
"A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software."
Tenable's CTO, Renaud Deraison, explained the threat could open the floodgates for a number of nasty malware and ransomware threats.
"CVE-2020-0601 hits at the very trust we have in today's digital computing environments — trust to authenticate binaries and trust that our ciphered communications are properly protected," Deraison said in a media release.
"The flaw would enable an attacker, among other things, to exploit how Windows verifies cryptographic trust, enabling them to deliver executable code and making it look like it came from a trusted source. You can imagine its use in ransomware and phishing attacks on unpatched systems. This is a serious vulnerability and one that we fully expect to see exploited in the wild in the coming weeks and months. We will see continued attacks over the course of the year among organisations that do not patch their systems quickly.
"The NSA's responsible disclosure of the vulnerability to Microsoft is a step in the right direction. We look forward to continued public-private sector coordination."
How do I keep my PC safe?
The most important step here is to download the security patch as soon as possible. Head to Microsoft's advisory page, find the patch compatible with your system and download it. You can check which patch applies to your computer by heading to your PC's About page and checking which version you're currently running.
It's been a rocky few months for Windows 10, with a number of its updates crashing users' computers and breaking key functions. This latest issue, however, seems the most urgent, so it's best not to put off patching your PC.