NSA & Microsoft Urge Windows 10 Users to Update Immediately

By Robert Burek posted 01-17-2020 10:04

National Security Agency & Microsoft recommend updating Windows 10

Serious vulnerability could allow malicious files to appear legitimate

On January 14, 2020, the U.S. National Security Agency released a Cybersecurity Advisory urging users of Microsoft’s Windows 10 operating system to patch a potentially serious vulnerability. While the advisory is geared towards government and businesses, patching operating system vulnerabilities is something all users of Windows 10 should do.

Microsoft released details about the vulnerability, which could allow an attacker to use a spoofed code-signing certificate – a sort of digital signature used to validate legitimate apps – to sign malicious software. This would allow the malware to appear to be from a trusted source and could make detection significantly more difficult.

This vulnerability affects Windows 10, and while it has not yet been exploited in the wild, it may be only a matter of time before someone looks to take advantage of unpatched systems.

What Should You Do?

  1. If you have Windows 10, you most likely have Automatic Updates enabled by default. If so, your system will attempt to install the updates when they are downloaded, likely over the next several days. Allow the update process to complete and restart your system if needed.
  2. If you want to run your Windows Update manually to get the patch more quickly, follow these instructions from Microsoft and click the “Check for Windows updates” button.
  3. Alternatively, when you are at your Windows 10 computer, click the Start button, select Settings, then Update & Security, then Windows Update, and click Check for updates to run Windows Update manually.
  4. If you have multiple PCs running Windows 10, ensure they are all up-to-date with the latest security patches.
  5. DO NOT attempt to download a patch for this vulnerability from anywhere other than the Windows Update tool. Windows system updates should only be downloaded directly from Microsoft.