o U.S. Government Issues Critical Windows 10 'Update Now' Alert
<
https://www.forbes.com/sites/daveywinder/2020/01/15/us-government-issues-critical-windows-10-update-now-alert/>
"Indeed, it was the NSA itself that discovered the vulnerability and
reported it to Microsoft. This is, Neuberger confirmed, the first time that
the NSA had publicly disclosed a vulnerability to a software vendor."
"Malicious software could masquerade as legitimate software that has been
authenticated and signed by a trusted source; malware detection could be
negatively impacted as a result. Furthermore, browsers that rely upon
Windows CryptoAPI could be fooled by a maliciously signed digital
certificate and so no warnings would be issued if a threat actor were to
then decrypt data or inject malicious data."
"Even before Microsoft itself disclosed the details of CVE-2020-0601, a
Windows CryptoAPI spoofing vulnerability, the NSA had confirmed the
importance of both the flaw and the fix. Anne Neuberger, director of the
NSA Cybersecurity Directorate, warned that the issue "makes trust
vulnerable."
CISA, via the National Cyber Awareness System, has published an alert
titled "Critical Vulnerabilities in Microsoft Windows Operating Systems."
<
https://www.us-cert.gov/ncas/alerts/aa20-014a>
See also:
o New Windows 10 'Extraordinarily Serious' Security Warning
<
https://www.forbes.com/sites/daveywinder/2020/01/14/windows-10-extraordinarily-serious-security-warning-for-900-million-users/>