Windows 10 spoofing vulnerability: What it is and how to remain secure
2020 started off with bang as Microsoft patched a Windows 10 spoofing vulnerability, while Windows 7 entered end of support; phew, what a way to kick off the new year! Hear from host, Brad Sams, and SmartDeploy CEO, Aaron Suzuki, as they break down these topics and more. Keep reading for details on the points discussed to stay up-to-date in the ever changing world of Microsoft Windows.
The NSA found this Windows 10 spoofing vulnerability
Although Microsoft Patch Tuesdays are often minor, January 14th saw the release of a patch for a spoofing vulnerability in CVE 2020-0601. This update addressed a major security flaw affecting Windows 10, Windows Server 2016, and Windows Server 2019 platforms. The vulnerability was originally discovered by the US National Security Agency (NSA) and disclosed to Microsoft. CVE 2020-0601 is a spoofing vulnerability that exists in the way Windows CryptoAPI (Crypt32.dll) validates certain code-signing certificates. This vulnerability can allow a hacker to create and sign a malicious executable, which tricks the operating system into thinking the executable is trusted, enabling the hacker to bypass protections in the OS that are intended to prevent the user from inadvertently installing untrusted software.
Although any vulnerability sounds troubling, the most unsettling part about this one is it pertains to the world of encryption and code-signing, which is a key security structure for many businesses. But there’s no need to panic yet, as Microsoft adapted quickly to fix the security flaw. It’s now on the users to update as quickly as possible to ensure their environment remains secure. If your automatic updates are turned off, we recommend turning them on, at least for January – and if your updates are not centrally managed, you will want to make sure that all of your end users run Windows Update immediately. Ironically, the spoofing vulnerability did not affect Windows 7 users, but that doesn’t mean they’re untouchable. As Aaron states, Windows 7 is no longer supported, so if a similar vulnerability is discovered in the future, there won’t be any update to fix it, and you could be leaving sensitive information unprotected.
Windows 7 has reached EOS, but is it gone for good?
In case you’ve been living under a rock, allow us to break the news; as of January 14th, 2020, Windows 7 entered EOS. However, not everyone is on board. According to a recent study of US and UK based companies, over 50% have not fully migrated to Windows 10. It seems enterprises are not officially broken up with Windows 7, and some for good reason. As Aaron points out, some industries have expensive devices that are Windows 7 dependent. Upgrading these devices may be impossible and purchasing an updated machine for the sole purpose of running on a new OS could be wildly out of the budget. If you fit into a similar situation and purchasing extended Windows 7 support is causing you to penny-pinch. Although a full migration may not be immediate, it’s important to develop an upgrade “game-plan” to avoid the overt security risks. Listen in to hear Brad and Aaron’s predictions of what Windows 7 EOS means for the future of Windows 10.
What a tech CEO looks for in a new employee
At the end of the episode, Brad shared a user submitted question for Aaron asking what he looks for in a resume when hiring at SmartDeploy. To begin, Aaron suggested outlining your resume in the order of your skill sets, how you have applied them, and then listing your background. It’s important to show what you know and how you can utilize your skills in tangible areas. Aaron also recommends analyzing resumes of professionals in your desired role to learn how to better present yourself to emulate what hiring managers are seeking. Another important component is attitude—listen to Brad’s story explaining why his attitude got him hired at his first job. The pair concluded by urging listeners to strongly consider finding companies that fit their passions and personalities to land a position that will help mold a strong career path.
Thanks for joining us and tune in for next month’s Enterprise Dish to learn the next wave of Windows news.
Heidi Flaig has worked on SmartDeploy's marketing team since 2011 and thrives on engaging with IT professionals to better understand how SmartDeploy products can improve their world. She has over 500 contributions in the Spiceworks community. When she’s not in the office, you can find Heidi hiking with her husband, two sons, and silver lab, Miles.
Ready to get started?
See how easy device management can be. Try SmartDeployfree for 15 days — no credit card required.