The National Security Agency (NSA) has uncovered a dangerous vulnerability that affects millions of computers running Windows 10, as well as Windows Server 2016 and 2019.
The vulnerability (CVE-2020-0601) is found in Windows cryptographic functionality, which allows developers to carry out a range of functions such as digitally signing their software. But the NSA says the vulnerability could allow attackers to spoof legitimate software and carry out a remote code execution attack.
“The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider,” Microsoft said.
Currently, there’s no evidence that the vulnerability is being exploited in the wild.
However, the vulnerability is so concerning that Microsoft sent a patch to the US military prior to the public release of the fix on Patch Tuesday, reported security researcher Brian Krebs.
The NSA recommends that everyone install “all January 2020 Patch Tuesday patches as soon as possible.”