Patch Tuesday, January 2020 Edition


krebs-on-security

Microsoft today released updates to plug 50 security holes in various flavors of Windows and related software. The patch batch includes a fix for a flaw in Windows 10 and server equivalents of this operating system that prompted an unprecedented public warning from the U.S. National Security Agency. This month also marks the end of mainstream support for Windows 7, a still broadly-used operating system that will no longer be supplied with security updates.

As first reported Monday by KrebsOnSecurity, Microsoft addressed a severe bug (CVE-2020-0601) in Windows 10 and Windows Server 2016/19 reported by the NSA that allows an attacker to spoof the digital signature tied to a specific piece of software. Such a weakness could be abused by attackers to make malware appear to be a benign program that was produced and signed by a legitimate software company.

Read the rest of the story…


About the Author

Brian Krebs

Brian became a world renowned security researcher while working for The Washington Post from 1995 to 2009 as the author of The Security Fix column. Since leaving The Washington Post in 2009 Brian has continued his research at Krebs on Security where he continues to investigate cyber criminal gangs, skimmers, software exploits, and the dark underbelly of the web .

One Comment

Leave a Reply

Your email address will not be published. Required fields are marked *