The U.S. National Security Agency released a Cybersecurity Advisory urging users of Microsoft’s Windows 10 operating system to patch a potentially serious vulnerability.
Microsoft released software to fix 49 vulnerabilities as part of its update. Among the vulnerabilities patched were critical weaknesses in Windows CryptoAPI, Windows Remote Desktop Gateway (RD Gateway), and Windows Remote Desktop Client.
An attacker could use a spoofed code-signing certificate – a sort of digital signature used to validate legitimate apps – to sign malicious software. This would allow the malware to appear to be from a trusted source and could make detection significantly more difficult.
What Should You Do?
If you have Windows 10, you most likely have Automatic Updates enabled by default. If so, your system will attempt to install the updates when they are downloaded, likely over the next several days. Allow the update process to complete and restart your system if needed.
If you want to run Windows Update manually, click the Start button, select Settings, then Update & Security, then Windows Update, and click Check for updates.
DO NOT attempt to download a patch for this vulnerability from anywhere other than the Windows Update tool. Windows system updates should only be downloaded directly from Microsoft.