The U.S. National Security Agency (NSA) warned Microsoft about a vulnerability in Windows 10 that could be exploited to allow malware to appear to be a legitimate program. The flaw also affects Windows Server 2016 and Windows Server 2019.
The "spoofing vulnerability" involves a file in the operating system that is normally used to encrypt and decrypt data. The same file is also used to validate whether a Windows application or program is legitimate by authenticating that the program's digital certificate in fact came from a trusted software developer.
However, the flaw discovered by the NSA could allow cybercriminals to introduce malware that would trick the operating system file into allowing a malicious program to be deemed authentic. Once accomplished, the malware present on a server could corrupt entire networks.
Microsoft has issued a security patch to fix the problem.
It has been reported that before being released to the public, the patch was shipped to branches of the U.S. military and other high-value enterprise customers.
The good news is that Microsoft has not discovered any attempts to exploit the vulnerability in the wild. Although the flaw can affect the encrypted secured connections used by Microsoft's built-in web browsers Edge and Explorer, this is not as big a threat as it could be because most users use third-party browsers from Google, Mozilla, and Apple to visit websites.
It is not unusual for Windows Enterprise users to find and report flaws in the software, although it is not often that the NSA goes public with its findings. The agency shared details of the vulnerability, CVE-2020-0601, "quickly" with Microsoft after discovering the flaw. Michael Kan, "Windows 10 Flaw Lets Malware Disguise Itself as Legit Software," www.pcmag.com (Jan. 14, 2020).
The discovery of this type of risk highlights the need to keep your operating system and any installed programs or applications up to date at all times.
Although the particular risk discovered by the NSA could possibly lead to serious security breaches and the introduction of malware, for most users it is an issue that can be addressed by installing the security patch provided by Microsoft.
For individual users and small businesses that do not use a server-based network, but instead rely on one or two non-networked computers, there are two approaches to installing patches and updates on your machines.
In most cases, updates can be downloaded and installed automatically without worry. Schedule the updates to install at a time when the PC is not being used. However, poorly written updates have been known to cause PCs to crash. If your PC is critical to your academic or work production, the better practice is to turn off automatic updates and follow this procedure instead.
First, back up all your critical data onto removable media, to the cloud, or to the hard drive of another PC. If your computer should crash or become corrupted during a backup, your data will be safe.
Next, change Windows Update settings so new patches are no longer automatically installed, but are merely downloaded, letting the user choose whether to install them. Most update problems are reported in the media within 48 hours, so waiting a few days before installing the updates is reasonable.
Be sure you have at least 20 percent free space on your drive to allow Windows programs to grow as necessary, especially during installation and recovery.
Finally, install each update by itself, restarting your computer after each one is applied. Although this may be time-consuming, it is the safest way to be sure the updates install properly.
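The checks in this procedure can be scripted and run before each update is installed. The PowerShell below is an added example, not part of the original article; the backup folder path and the one-day backup freshness window are assumptions, and the "download but let me choose when to install" setting is assumed to be configured through the Windows Update policy value `AUOptions = 3`.

```powershell
# Added example: readiness check to run before installing each update manually.
# Assumptions (not from the article): PowerShell 5.1+, backups are copied to
# the folder passed as -BackupPath, and a backup older than one day is stale.
param(
    [string]$BackupPath       = 'E:\Backup',  # hypothetical backup location
    [int]   $MinFreePercent   = 20,           # threshold stated in the article
    [int]   $MaxBackupAgeDays = 1             # assumed freshness window
)
$ready = $true

# Step 1: the newest file in the backup folder must be recent.
$newest = Get-ChildItem -Path $BackupPath -Recurse -File -ErrorAction SilentlyContinue |
    Sort-Object LastWriteTime -Descending | Select-Object -First 1
if (-not $newest) {
    Write-Warning "No backup files found under $BackupPath."; $ready = $false
} elseif ($newest.LastWriteTime -lt (Get-Date).AddDays(-$MaxBackupAgeDays)) {
    Write-Warning "Newest backup is dated $($newest.LastWriteTime)."; $ready = $false
}

# Step 2: updates should be downloaded but not installed automatically.
# AUOptions = 3 means "auto download and notify for install".
$auKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
$au = Get-ItemProperty -Path $auKey -ErrorAction SilentlyContinue
if (-not $au -or $au.AUOptions -ne 3) {
    Write-Warning 'Update policy is not set to download-only (AUOptions = 3).'
    $ready = $false
}

# Step 3: at least 20 percent of the system drive must be free.
$disk = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='$($env:SystemDrive)'"
$freePct = [math]::Round(100 * $disk.FreeSpace / $disk.Size, 1)
if ($freePct -lt $MinFreePercent) {
    Write-Warning "Only $freePct% free on $($env:SystemDrive)."; $ready = $false
}

# Step 4: a restart left over from the previous update must be completed first.
$rebootKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
if (Test-Path $rebootKey) {
    Write-Warning 'A restart is pending; restart before installing the next update.'
    $ready = $false
}

# Show the most recently installed updates so each install can be confirmed.
Get-HotFix | Sort-Object InstalledOn -Descending |
    Select-Object -First 5 HotFixID, Description, InstalledOn | Format-Table -AutoSize

if ($ready) { Write-Host 'Ready to install the next update.' }
else        { Write-Host 'Resolve the warnings above before installing.' }
```

Run it again after each restart; the update just applied should appear at the top of the list before the next one is installed.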