January 15, 2020
Tenable®, Inc., the Cyber Exposure company, has released plugins for CVE-2020-0601, a critical vulnerability in the cryptographic library used in Windows 10 and Windows Server 2016/2019. The flaw would allow attackers to deliver malicious code that appears to be from a trusted entity.
The vulnerability, which was disclosed by the National Security Agency (NSA), reportedly bypasses Windows’ capability to verify cryptographic trust, which would enable an attacker to pass malicious applications off as legitimate, trusted code.
“This vulnerability, and the attention it’s received from various government agencies, is unprecedented. It calls into question our very trust in today’s digital world — the trust that our encoded communications are secure,” said Renaud Deraison, co-founder and CTO, Tenable. “We implore organizations to patch their systems immediately.”
Microsoft has released software updates to address CVE-2020-0601. Tenable urges customers to apply updates immediately. A list of Tenable plugins to identify CVE-2020-0601 is available here.
Read the Tenable Research Blog Post
Register for the webinar on Thursday, January 16 at 11 AM ET
Tenable®, Inc. is the Cyber Exposure company. Over 27,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, more than 25 percent of the Global 2000 and large government agencies. Learn more at www.tenable.com.
443-545-2102, x 1544