The US National Security Agency has announced the discovery of a serious security vulnerability in a component of Windows 10 and Windows Server 2016/2019 known as CryptoAPI. Microsoft has released a patch to fix it, and all users of these operating systems are advised to apply the patch immediately.
Developers use digital signatures to prove that their software is legitimate and has not been tampered with. However, this vulnerability could allow an attacker to spoof the signature of legitimate software, undermining the mechanism Windows uses to verify trust and allowing malicious software, such as ransomware, to run unnoticed in the background. According to Microsoft, the user would have no way of knowing a file was malicious, because the digital signature would appear to come from a trusted provider.
The vulnerability affects Windows 10 and Windows Server 2016/2019 as well as applications that rely on Windows for trust functionality, such as HTTPS connections, signed files and emails, and signed executable code launched as user-mode processes.
Businesses running affected systems should install all patches from January 2020 as soon as possible, prioritizing endpoints that provide essential services.
Links to critical patches are contained within the Security Guidance Advisory from Microsoft.
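To help confirm the remediation step above across a fleet, the following is an added PowerShell check (not part of the Microsoft or NSA advisory) that flags whether a host runs one of the affected operating systems and whether any update has been installed since the January 2020 Patch Tuesday. It assumes it is run with administrator rights on the host being checked; the advisory text here lists no KB numbers, so the script keys off update install dates rather than specific KB identifiers.

```powershell
# Added example: inventory one host for the January 2020 CryptoAPI fix.
# Assumption: run locally with administrator rights. KB numbers are not
# given on this page, so updates are filtered by install date instead.
$affectedPattern = 'Windows 10|Windows Server 2016|Windows Server 2019'
$patchCutoff     = Get-Date '2020-01-14'   # Patch Tuesday, January 2020

$os = Get-CimInstance -ClassName Win32_OperatingSystem
$result = [ordered]@{
    ComputerName = $env:COMPUTERNAME
    OS           = $os.Caption
    Build        = $os.BuildNumber
    Affected     = ($os.Caption -match $affectedPattern)
    Status       = 'NotApplicable'
    Updates      = @()
}

if ($result.Affected) {
    # Get-HotFix reads Win32_QuickFixEngineering; InstalledOn can be null
    # for some entries, so drop those before comparing against the cutoff.
    $recent = Get-HotFix |
        Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $patchCutoff } |
        Sort-Object InstalledOn -Descending

    $result.Updates = @($recent | ForEach-Object {
        '{0} ({1})' -f $_.HotFixID, $_.InstalledOn.ToShortDateString()
    })
    # An update after the cutoff is evidence, not proof, that the fix is in;
    # no update at all after the cutoff means the host is certainly missing it.
    $result.Status = if ($recent) { 'ReviewUpdates' } else { 'MissingJan2020Updates' }
}

[pscustomobject]$result | Format-List
```

Hosts reported as ReviewUpdates should have the listed KB identifiers compared against the January 2020 entries in Microsoft's Security Guidance Advisory, since only the specific CryptoAPI fix counts. Because the flaw is in signature validation itself, a signature that shows as valid on an unpatched host is not evidence that a file is trustworthy.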