Microsoft, NSA confirm killer Windows 10 bug, but a patch is available
As expected, Microsoft did reveal a fundamental flaw in Windows that affected Windows 10’s cryptographic library. January’s Patch Tuesday updates issued today, however, fix the issue, which is specific to Windows 10 and Windows Server.
The flaw, CVE-2020-0601, was found in the usermode cryptographic library, CRYPT32.DLL, that affects Windows 10 systems. (Contrary to earlier rumors, it does not affect Windows 7, which coincidentally is being shut down Tuesday as well.) Fortunately, Microsoft reported that the library was not in active use, though that doesn’t prevent an attacker from weaponizing it now that it’s been disclosed.
Source:: IT news – Security