Security News > 2020 > January > Windows Vulnerability: Researchers Demonstrate Exploits
A day after the U.S. National Security Agency disclosed a vulnerability that could affect the cryptographic operations in some versions of Microsoft Windows, security researchers started releasing "Proof of concept" code to show how attackers potentially could exploit the flaw.
The vulnerability affects versions of Windows 10 as well as Windows Server 2016 and 2019.
Microsoft and the NSA warn, the vulnerability could be used by an attacker to fake digital certificates that are used as part of encrypted communications within Windows.
On Wednesday, security researcher Saleem Rashid posted on Twitter an explanation of how an attacker could use the Windows vulnerability to create phony Transport Layer Security, or TLS, certificates, which would then allow someone to spoof a legitimate website.
After Rashid's post on Twitter Wednesday, ZDNet reported that at least two other security researchers published proof-of-concept code on GitHub to demonstrate their methods of exploiting this particular vulnerability.
News URL
https://www.inforisktoday.com/windows-vulnerability-researchers-demonstrate-exploits-a-13614
Related news
- PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware (source)
- EncryptHub's dual life: Cybercriminal vs Windows bug-bounty researcher (source)
- Microsoft Patches 125 Flaws Including Actively Exploited Windows CLFS Vulnerability (source)
- WhatsApp vulnerability could be used to infect Windows users with malware (CVE-2025-30401) (source)
- Microsoft: Windows CLFS Vulnerability Could Lead to ‘Widespread Deployment and Detonation of Ransomware’ (source)
- ⚡ Weekly Recap: Windows 0-Day, VPN Exploits, Weaponized AI, Hijacked Antivirus and More (source)
- Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054) (source)
- Kimsuky Exploits BlueKeep RDP Vulnerability to Breach Systems in South Korea and Japan (source)
- Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers (source)
- ThreatLocker Patch Management: A Security-First Approach to Closing Vulnerability Windows (source)