Patch your Windows 10 boxes.

[mdlbear]

If your Windows 10 boxes -- all of them, both desktops and servers, didn't apply the update that came out Tuesday, go do that now. You can chase the references below while the update is downloading.

Here's what Microsoft said about it when they released the patch. There are more details in the resource list below. Some of those go on to link to proof-of-concept exploits. Good luck!

h/t to @thnidu.

Resources

• NVD - CVE-2020-0601
• Windows 10 Has a Security Flaw So Severe the NSA Disclosed It | WIRED
• CVE-2020-0601 | Windows CryptoAPI Spoofing Vulnerability
• January 2020 Security Updates: CVE-2020-0601 - Microsoft Security Response Center
• CVE-2020-0601: a critical Windows vulnerability discovered by…NSA!

Another fine post from The Computer Curmudgeon (also at computer-curmudgeon.com).
Donation buttons in profile.

Comments

[mdlbear]

:) I'm running Linux on my laptops (most of which are rescues); it's time for me to fire up the Mac mini to do my taxes on. The laptops are mostly dual-boot with Windows 7, which isn't vulnerable this time around.