Security News > 2020 > January > Looking for silver linings in the CVE-2020-0601 crypto vulnerability
The vulnerability is undoubtedly very serious, but in the days since its disclosure I have started to wonder if there is a silver lining to this cloud.
First, it appears this vulnerability only affects the latest editions of Windows, including Windows 10, Windows Server 2016, Windows Server 2019 and their derivatives.
Windows Update uses a pinned certificate chain with RSA certificates, which are not affected by CVE 2020-0601.
Perhaps most importantly though, CVE 2020-0601 is the first Microsoft Windows vulnerability disclosure credited to the NSA. That isn't to say the agency hasn't assisted in previous vulnerability disclosures, but it's the first time it's been made public.
Which brings us to CVE 2020-0601, a proactively disclosed, dangerous zero-day vulnerability that could have been a sibling to Flame and EternalBlue.