An attacker would have the option of using a fake code signature certificate to sign a malicious executable without Windows noticing. A successful exploit could also allow the attacker to perform an attack and decrypt sensitive information about user connections to the affected software. Is there a critical cryptography patch coming? Microsoft published a blog post this month. Microsoft has indicated that Windows 10 is affected and has provided cumulative updates to address the vulnerability.
The Vulnerability Is Expected To Be Exploited
The vulnerability CVE-2020-0601, which was recently discovered in Windows, is of course found by cyber criminals. These could break encrypted HTTPS connections and read the information. In the meantime, security researchers have developed and partially published proof of concept code (PoC) examples that exploit this vulnerability. This makes it possible to set up a fake website that looks like a website secured by legitimate certificates. The experts have not released the exploit code to prevent villains from using it.
CVE-2020-0601 Could Affect Windows Encryption Systems
Attackers who exploit this error could compromise encrypted network traffic, digitally signed e-mails or even particularly trustworthy programs. This poses a significant threat to the general security of citizens and businesses.
Windows Server 2008 R2 After The Support Expires
If you are still using this system, you can book the Microsoft Extended Security Update Support. This is available for the professional and enterprise editions. According to statistics, up to 30 percent still rely on this system. In this case, the operating systems will receive updates for some time. Of course, the older operating systems can still be used, but newly found security gaps are no longer closed. However, continued operation does not mean that Windows Server 2008R2 is completely unsafe in 2020 . When there are new gaps, updates no longer appear; existing ones have already been closed by the previous patches. However, those responsible should be aware of the risks.