Recently, the US National Security Agency (NSA) discovered a serious flaw in the Windows 10 operating system, as well as Windows Server 2016/2019.
Called “NSACrypt” or “CVE-2020-0601”, this vulnerability relates to the Crypt32.dll module, allowing hackers to remotely launch malicious code and interfere with the authentication mechanism of certificates and letters. Windows digital signature.
Information about NSACrypt vulnerabilities is provided by Microsoft
According to Microsoft, hackers can take advantage of this vulnerability to deceive the system, turning a malicious application into a clean application, from a trust source. Users will have no way to know that the application is malicious, because the NSACrypt vulnerability will allow hackers to create a valid digital signature for that malicious application.
According to information from BKAV, in Vietnam, 23% of the 12 million computers are running Windows 10. Therefore, it is estimated that more than 2.7 million computers in our country are at risk of being exploited by serious vulnerabilities. this important.
The only way for users to protect themselves against the NSACrypt flaw is to update to the latest patch for Windows 10, which was released by Microsoft on January 15.
To help users quickly find vulnerabilities and update patches, BKAV has recently launched a tool that allows users to quickly check the status of their computers.
BKAV’s tool helps users check whether the computer has been patched for the NSACrypt flaw
If it detects that the PC has not been patched, the tool will redirect to the Microsoft website so that the user can download the patch. In addition, users can also use the built-in Windows Update tool.