Published: Sat, January 18, 2020
Electronics | By Kelly Massey

RIP Windows 7: Microsoft ends support today

RIP Windows 7: Microsoft ends support today

Microsoft has released a security update today to fix "a broad cryptographic vulnerability" impacting the Windows operating system.

"An attacker can perform man-in-the-middle attacks and decrypt confidential information on user connections to the affected software by using a spoofed code-signing certificate", explained Jimmy Graham, senior director of product management at Qualys.

The US National Security Agency (NSA) revealed the flaw, claiming it would allow hackers to fool antivirus software and pass off malware as legitimate applications. In addition, it also mentioned that the Windows users would have no way of knowing that those files were malicious as the digital signature would appear to be from a trusted source. You can still use your computer but Microsoft will no longer provide you with technical support for any issues, software updates and security updates or fixes.

It centres on a flaw in 'a core cryptographic component present in all versions of Windows, ' namely a Windows component known as crypt32.dll.

However, researchers outside Microsoft-including Google's Tavis Ormandy-have a much more dire assessment of the vulnerability and urge users to patch quickly before an active exploit appears. NSA official Anne Neuberger noted that operators of classified networks had already been prodded to install the update and everyone else should now "expedite the implementation of the patch".

Microsoft says it has seen no exploits in the wild. Those PCs will now be left vulnerable to exploits and security vulnerabilities.

Australian Open 2020: Federer nonsensical about air quality, rejects transfer talk
"There are 300 numbers for what we were told yesterday at the player's meeting, the Olympics and other competitions. I always understand some frustration because this Tour, this calendar, this calendar, whatever, is never flawless .

She added that the agency had decided to make its involvement in the discovery public at Microsoft's request.

Why it matters: The flaw's seriousness made headlines, but it's just as notable that the National Security Agency alerted Microsoft to it. Keep an eye out on your Tuesday patches, and apply them.

Also, per Krebs, Microsoft has already delivered a patch for the bug to the US military and other key customers and potential targets, such as the companies that manage internet infrastructure.

The vulnerability prompted the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security to issue an emergency directive mandating that federal agencies patch the vulnerability within 10 days.

Microsoft has rated the update as "important" rather than critical.

Microsoft is recommending customers to switch to Azure for running their Windows Server workloads.

Like this: