Technology Patch Tuesday after: NSA Crypt32 threat is real, but...

Patch Tuesday after: NSA Crypt32 threat is real, but not yet imminent

-

Prepare for the weather reporter at your local news station to start lecturing on the importance of installing Windows patches.

Yesterday we were given a remarkable patch on Tuesday. "Notable" specifically in the sense that the US National Security Agency. UU. He moved to publish a press release (PDF):

The NSA recommends installing all patches on Tuesday of January 2020 patches as soon as possible to effectively mitigate vulnerability on all Windows 10 and Windows Server 2016/2019 systems.

That is first. So far, the NSA has never publicly acknowledged its contributions to Microsoft's patching efforts, nor has it picked up the scourging whip in Microsoft's patching unit. Security guru Brian Krebs attributes it to a change of heart in the NSA:

The sources say that this NSA disclosure is planned to be the first of many as part of a new initiative in the NSA called "Turn a New Leaf," intended to make more agency vulnerability research available to key software providers and ultimately for the public.

Krebs has a excellent summary of the security hole, loaded with several amazing analogies. Get the technical details of the vulnerability in Kenneth White The Microsoft Fools Chain expose. If you have not yet been flooded with medium-fast explanations, you can be sure that all the media in the world are in the process of trying to digest and regurgitate the complexities of CryptoAPI and elliptic curve cryptography certificates.

What does this all mean? If someone can solve the puzzle CVE-2020-0601, they can create programs that seem to come from a reliable source. That is a terrifying possibility, but it is a long way from a third-degree polynomial to a functional ransomware.

And no, CVE-2020-0601 cannot be used to enter the Windows Update chain.

Copyright © 2020 IDG Communications, Inc.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest news

From Atal Bihari Vajpayee to Amit Shah: Tracking Legacies of Former BJP Chiefs

Jagat Prakash Nadda on Monday was elected without opposition as the eleventh national president of the Bharatiya Janata Party....

China’s coronavirus: what we know so far

The number of people in China infected with a new virus, the coronavirus, is increasing. Reports say that this...

Mortal Kombat Kollection Online classified by PEGI, and is bringing the “Klassics” to change

The Pan European Game Information panel (commonly abbreviated as PEGI) has apparently lifted the lid of the Mortal Kombat...

Must read

From Atal Bihari Vajpayee to Amit Shah: Tracking Legacies of Former BJP Chiefs

Jagat Prakash Nadda on Monday was elected without opposition...

China’s coronavirus: what we know so far

The number of people in China infected with a...

You might also likeRELATED
Recommended to you