The NSA spots a flaw in Windows 10


This is not trivial : the NSA, the us intelligence alerted the media yesterday about a security vulnerability affecting Windows 10. The Agency has identified the vulnerability CVE-2020-0601, which affects crypt32.dll, an integrated module within the CryptoAPI, the system in charge of the encryption of the data of the operating system. Microsoft has corrected the vulnerability via the security patch in January.


In essence, this vulnerability allows year malandrino attack of type ” man-in-the-middle, allowing him to decrypt the confidential information present on the infected system. According to the NSA, CVE-2020-0601 affected Windows 10 and Windows Server 2016/2019, as well as applications that rely on these systems for the encryption of their data.


Microsoft has not identified any exploitation of the vulnerability, which is considered “important” by the editor, but not “critical” as estimated by the NSA. If there was a little teasing (which is not our kind, you know), it seems as if the agency had found a way to exploit this flaw, without a doubt, could she not be sent to Microsoft.



Experience The World

Comments