Nonprofit Resources

print

Critical Microsoft Windows 10 Vulnerability Discovered

print
On January 14, 2020, the U.S. National Security Agency (NSA) announced that it has uncovered a critical vulnerability affecting Microsoft Windows 10, Windows Server 2016, and Windows Server 2019.

The vulnerability affects how Windows trusts software and connects to remote computers. This could allow hackers to decrypt confidential data within applications or perform man-in-the-middle attacks to intercept communication between computers or servers without users’ knowledge.

Microsoft has issued a patch for this vulnerability as part of its January 2020 Patch Tuesday Security Update. Given the critical nature of this vulnerability, the U.S. Department of Homeland Security is urging all Windows users to make the security update as soon as possible and turn on automatic updates. We also recommend considering a centralized management solution to provide more effective and efficient oversight into your patch management processes.

Additional Concerns for Windows 7 Users

If your organization still uses Windows 7, it’s important to know that Microsoft is no longer supporting Windows 7 as of January 14, 2020. That means Microsoft will no longer provide support, security patches, or updates for this operating system, leaving it open to security risks like malware and ransomware.

We recommend that you upgrade all hardware running Windows 7 as soon as possible.

An Application and Software Inventory Can Reduce Your Risk

Situations like these highlight the need to create and maintain an inventory of all the software and applications in use at your organization. These three steps will walk you through the process.

Please contact us at cybersecurity@capincrouse.com with questions about these or other cybersecurity issues.

Allison Davis

Allison Davis is a Partner at CapinTech. Throughout her time as an information systems auditor and senior manager, Allison has provided information security assessment and consulting services primarily for nonprofit organizations, financial institutions, and health facilities. In addition to these services, she has provided clients with consulting services in risk assessment and policy development engagements.

Leave a Comment