A serious security flaw affects Windows 10 and Windows Server 2016.

Windows Articles

How to create GPO in Windows Server 2019.

Hi, in today's post we will be looking at GPOs in Windows Server 2019. The Group Police Object are a set of...

How to install OpenLiteSpeed on Ubuntu 20.04?

There are several web servers for Linux but other alternatives are always welcome. In this case, I will show you how to...

Linux 5.7 available

Time passes very quickly and we already have a new version of the Linux kernel that as always we are happy because...

How to install RStudio on Ubuntu 20.04 / 18.04

No matter how complete and robust a programming language is, the programmer will always need a tool to write the code. These programs have...

How to install Arduino IDE on Ubuntu 20.04 / 18.04 / Linux Mint 19.X?

Hi, folks. In this post, we will show you how to install Arduino IDE on Ubuntu 20.04/ 18.04 and Linux mint 19.x. You probably already...

Several media specialized in technology have reported the presence of a vulnerability that affected Windows 10 in all its versions and Windows Server 2016. Interestingly, this threat was discovered by the U.S. National Security Agency. Consequently, the agency decided to inform Microsoft to find a solution as soon as possible. Recently Microsoft confirmed the vulnerability in both operating systems. It has also published the patch for the systems. A quick update is recommended. Next, we will see, how this security flaw affects Windows 10 and Windows Server 2016.

The failure affects the handling of certificates and encrypted messaging.

The security flaw is a phishing vulnerability that affects Windows CryptoAPI (Crypt32.dll) Under these circumstances, Elliptic Curve Cryptography (ECC) certificates are eventually validated. This would allow an attacker to forge digital signatures, making the malware look like a legitimate application. In other words, a false code signing certificate is created to sign a malicious executable. This way it appears that the file comes from a legitimate and trusted source. Consequently, it would be difficult for the user to know that the file is malicious since the digital signature would seem to come from a reliable provider.

As a consequence of this vulnerability, the attacker could perform man-in-the-middle attacks. And in this way decode confidential information about user connections within almost any application on Windows 10 and Server 2016. Consequently, authentication on Windows desktops and servers is under threat. Similarly, sensitive data entered into Internet Explorer and Edge could be affected. On the other hand, Microsoft claims that it has no reports that the bug has been exploited. However, it is still a major security flaw.

How to solve the failure.

As mentioned, Microsoft has already detected the bug and released the respective patches. This way the operating system can detect and block malware that tries to exploit the vulnerability. One of the first entities to receive the patch was the United States Army. Similarly, other high-level customers and other potential targets. However, Microsoft has made available to the public the update CVE-2020-0601. It can be downloaded from this link. We have finally seen how this security flaw affects Windows 10 and Windows Server 2016. As always, it is advisable to take precautions to protect the operating system. Please keep Windows up to date, surf wisely and always use a good antivirus. That’s all for now before I go I invite you to see our post about Ruby on Windows 10.

More articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest article

How to create GPO in Windows Server 2019.

Hi, in today's post we will be looking at GPOs in Windows Server 2019. The Group Police Object are a set of...

How to install OpenLiteSpeed on Ubuntu 20.04?

There are several web servers for Linux but other alternatives are always welcome. In this case, I will show you how to...

Linux 5.7 available

Time passes very quickly and we already have a new version of the Linux kernel that as always we are happy because...

How to install RStudio on Ubuntu 20.04 / 18.04

No matter how complete and robust a programming language is, the programmer will always need a tool to write the code. These programs have...

How to install Arduino IDE on Ubuntu 20.04 / 18.04 / Linux Mint 19.X?

Hi, folks. In this post, we will show you how to install Arduino IDE on Ubuntu 20.04/ 18.04 and Linux mint 19.x. You probably already...