Dear Valued Customers,
****** Only Windows server clients will be affected ******
Following the recent Microsoft official announcement, a spoofing vulnerability (CVE-2020-0601) affecting the Cryptography API in servers running Windows Server 2016 / Windows 10 or newer has been discovered.
This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege.
For further reference about the vulnerabilities:
(A) What Do You Need To Know About This Update?
kindly refer to following news:
(B) What is the impact?
Said exploit allows attackers to spoof valid code-signing of arbitrary executables, allowing any malware to evade detection by typical means and bypass built-in protections by masquerading as legitimate programs, and allowing attackers to MITM encrypted connections far more easily by impersonating legitimate services.
(C) Recommended preparation
We recommend all users to run a full data backup for their web files and databases to their local desktop/laptop/external drive before any server patching.
Last but not least, please note that all Managed services clients will be notified privately on the Windows update arrangement.
Those unmanaged services client who is interested on this update may contact support team by submitting a ticket at https://support.exabytes.com then choose Technical Support (Dedicated Server / VPS / Cloud / Colocation)
Technical Support Department