Important information for anyone still using Windows 7.

A critical security flaw (CVE-2020-0674) was discovered by the NSA in January that affected ALL versions of Windows.

The severity of the situation prompted official communications from US authorities. This included an alert from the Cybersecurity and Infrastructure Security Agency (CISA), an emergency directive from the Department of Homeland Security (DHS) requesting expedited patching across federal entities, and an advisory from the NSA itself.

“The consequences of not patching the vulnerability are severe and widespread. Remote exploitation tools will likely be made quickly and widely available. Rapid adoption of the patch is the only known mitigation at this time and should be the primary focus for all network owners,” said the intelligence agency.

Any Windows applications – such as web browsers, file transfer tools or email clients – that rely on crypt32 for checking cryptographic certificates may be vulnerable to this bug.

A fix for the vulnerability was made available as part of Microsoft’s February 2020 Patch Tuesday rollout but this will not be available for Windows 7 which is no longer supported (since January 14th 2020)*. If you are running Windows 8 or Windows 10 it is important that you keep Windows security patches up to date.

If you are still using Windows 7 then upgrading to Windows 10 is the recommended course of action.

* If you are running Windows 7 Pro or Enterprise and have purchased extended support from Microsoft then you will be patched against this providing your Windows updates are applying. (Extended support is not available to Windows 7 Home). 

For free advice just contact Simon on 97758905 or send a message.