Yesterday marked the final day of support for Windows 7. Windows 10 also made the news when the NSA reported that it found a critical security vulnerability with the operating system. The NSA notified Microsoft about the vulnerability, and Microsoft created and issued a free patch to all Windows 10 users.
— NSA/CSS (@NSAGov) January 14, 2020
The flaw involved is with the Windows CryptoAPI. If properly exploited, an attacker could use fake security certificates to install malware by impersonating valid software. This vulnerability is troubling because the user would have no idea that a piece of software getting installed was malicious. This means they could install malware that monitors a computer’s activity, steal passwords, or even lock devices until a ransom is paid.
The NSA and Microsoft did not divulge how the exploit worked, only what it would do in their statements. This is likely because it will take some time for all the individual users and organizations to update their systems.
Update Your Device Now!
While some Windows 10 machines will update automatically, Microsoft and the NSA are urging all users to update their systems immediately. To update Windows, select the Windows icon in the bottom left corner of the screen. Next, choose the settings gear to open the Settings app. Following this, select Update & Security. There will be a button that allows you to check for updates. Select this to make sure your computer is up to date, even if it says it was check today.
Once the updates download and install, you may have to restart your computer. Once this is complete, you are good to go and can no longer fall victim to the vulnerability. If your organization controls your computer, they will issue the updates for you. If your protection plan through Computer Warriors includes patching, we have you covered!