Yesterday Microsoft announced and delivered a fix for a serious vulnerability in Windows 10 cryptography function (CVE-2020-0601). The NSA had previously discovered and notified Microsoft to develop a solution. Microsoft also stated that they had seen no exploit of this vulnerability to date. The vulnerability would allow an attacker to disguise their malicious software as a valid and certified piece of code; thereby spoofing the Windows 10 PC or Windows Server 2019 into thinking it is legitimate code that can be trusted and therefore executed.
Course of Action
Systems Engineering has received the security update from Microsoft. We will begin patching our customers starting Thursday, January 16. Customers with SE Essentials, SE Secure, SE Desktop Defense (desktops only), and SE Monitoring (servers only) will receive this update as part of their regular patching schedule.
If you do not subscribe to one of the previously mentioned services, we highly recommend you work to get this critical security update for CVE-2020-0601 deployed as soon as possible.
Please contact Systems Engineering Customer Service at 207.772.4199 or your Account Manager with any questions.
