Windows 10 suffers from a serious vulnerability discovered by the NSA, and the patch to fix the bug is already available, so it is advisable to update the operating system as soon as possible to be protected.
The bug affects an element called Windows CryptoAPI (based on the crypt32.dll file), used for encryption in various components Windows 10 and Windows Server 2016/2029, as well as third-party programs, making it essential for security.
In practice, this would allow an attacker to install programs on the PC and take control, as well as intercept communications. It is a flaw of considerable seriousness, which has been discovered by the National Security Agency (NSA) of the United States, and has been assigned the code CVE-2020-0601
Computer science is already a national security issue for many countries, and the NSA seems to have accepted it. In the past, the NSA used software bugs to spy on its targets, without making it public or helping to fix it.
The result of his policy was disastrous, as the information ended up leaking anyway, and malware based on NSA vulnerabilities emerged, including WannaCry, one of the most serious computer attacks in history.
On this occasion, everything has happened differently. Luckily, Microsoft was informed in private, and already has patches ready, so users should update Windows 10 as soon as possible.
Before being released publicly, the updates had already been provided to some key organizations, mainly the military and basic Internet infrastructure.
For Windows 10 users, it is easy to update from the corresponding menu, using this path:
Settings -> Update & Security -> Windows Update -> Check for updates
At this time there is no record that the vulnerability has been used for attacks, and details have not been provided by either Microsoft or the NSA. However, update urgently is recommended, as cybercriminals will start working on viruses that use the flaw.
We must not forget that many ransomware attacks hijack computer files and demand ransom using vulnerabilities that have been corrected for a long time, but whose patches have not been installed on PCs due to inadvertence.
Our advice is to update Windows 10 as soon as possible, because the patch doesn't take too long to install, and it will keep us safe. Although there are some tricks to maintain our privacy on the Internet, these types of failures are very serious, and require a solution by the operating system.
What do you think about the CVE-2020-0601 vulnerability? Do you think the NSA will continue to help make Windows more secure?