Lucene search

K
threatpostLindsey O'DonnellTHREATPOST:4F15F64975E3F5BE228AE0A72697EE31
HistoryJan 15, 2020 - 8:47 p.m.

Podcast: NSA Reports Major Crypto-Spoofing Bug to Microsoft

2020-01-1520:47:18
Lindsey O'Donnell
threatpost.com
68
microsoft
patch tuesday
crypto-spoofing
windows 10
vulnerability
code-signing certificate
nsa
security bulletin
attacker
certificate spoofing
trusted source
executable programs

EPSS

0.001

Percentile

36.3%

A major Microsoft crypto-spoofing bug impacting Windows 10 made waves this Patch Tuesday, particularly as the flaw was found and reported by the U.S. National Security Agency (NSA).

Microsoft’s January Patch Tuesday security bulletin disclosed the “important”-severity vulnerability, which could allow an attacker to spoof a code-signing certificate, vital to validating executable programs in Windows, and make it appear as if an application was from a trusted source.

Threatpost talked to Pratik Savla, senior security engineer at Venafi, about the vulnerability, whether the hype around the flaw was warranted, and what the disclosure means for the NSA.

For direct download click here.

[

](<http://iframe%20style=border:%20none%20src=//html5-player.libsyn.com/embed/episode/id/12754238/height/360/theme/legacy/thumbnail/yes/direction/backward/%20height=360%20width=100%%20scrolling=no%20%20allowfullscreen%20webkitallowfullscreen%20mozallowfullscreen%20oallowfullscreen%20msallowfullscreen/iframe>)

Also, check out our podcast microsite, where we go beyond the headlines on the latest news.

EPSS

0.001

Percentile

36.3%

Related for THREATPOST:4F15F64975E3F5BE228AE0A72697EE31