You are using an ad blocker that is interfering with our web typography and internal javascript. Please whitelist our domain to live in a more beautiful world. No ads here, just really great software!

Be an IT Changemaker! Learn, get inspired and inspire others on our new DEX Hub. Visit now

Blog Post|4 minutes

NSA’s Windows 10 Advisory – Is Your OS Really Secure?

NSA’s Windows 10 Advisory – Is Your OS Really Secure?
January 29, 2020

New year, same old problems for Windows 10.

But it doesn’t have to be that way.

Earlier this month the United State’s National Security Agency (NSA) announced that they discovered a major vulnerability in Windows 10 and Windows Server 2016 that could have had dire consequences for businesses around the world.

The vulnerability places Windows endpoints at risk to a broad range of exploitation vectors

NSA official cybersecurity advisory

The flaw was detected in the way Windows 10 works with digitally signed apps. In particular, when an app developer “signs” an application, it allows the OS to confirm it is in fact legitimate and not a fake piece of software disguised as the real thing. The NSA reported a bug in this crucial verification process, which means that the OS could have been easily tricked by fake signatures which would have allowed malicious apps to run wild.

Get the best pods, articles, & research in IT experience

We’ve seen issues like this arise before with Windows 10. Last year several bugs were reported, ranging from a notorious zero-day Internet Explorer vulnerability to a failed antivirus scan for Windows Defender. In addition, many Windows users complained of end-user issues like blue screens, lags, and downed blue tooth devices—just to name a few.

Microsoft swiftly repaired this latest digital signature bug with a patch update and luckily, the NSA does not believe any cyber attackers were able to exploit the vulnerability. While ‘Patch Tuesday’ is a common occurrence for many Windows administrators, it still begs the following question:

How do you really know a Windows patch has worked?

If you’re like most people before you go to bed you probably check the locks in your home or apartment, you unplug any electrical devices and turn off all your lights. And if you’re slightly obsessive like me, you might double or triple-check these things before calling it a night.

Rapid adoption of the patch is the only known mitigation at this time and should be the primary focus for all network owners


IT support teams around the world are expected to complete similar security sweeps for their company’s enterprise technology but they are rarely given the right tools for the job. Yes, the immediate response for any network owner right now should be to follow Microsoft’s latest patch update.

But the only real way IT can double and triple-check that these patch updates are working is by gaining complete visibility into their company’s endpoints and the digital experiences of their employees.

Of course, not every Windows update brings with it hidden bugs and malware. Microsoft churns out daily upgrades and feature updates that allow IT teams to advance their companies’ business goals and adapt to the ebb and flow of the modern digital workplace.

But even if Windows is providing a simple upgrade that has nothing to do with a previous vulnerability, wouldn’t you want to ensure it does exactly what it is intended to do? The stakes are simply too high in enterprise technology to ignore the fact that most IT departments don’t really know what is going on with their endpoints pre or post-OS updates. Instead, many teams take news outside their digital walls at face value.

Traditional IT support departments monitor how their digital services are provisioned to employees, not how those services are consumed by employees in real-time. Business apps, device performance, employee sentiment, entire worlds of computing information is unintentionally ignored by most IT support teams because they lack the technology to truly monitor, respond, and manage digital experiences from these different perspectives.

Putting theory to practice

Luckily, our customers are able to quickly verify that Windows patches and updates are truly working across their employees’ devices, applications, and networks. Nexthink’s platform allows them to quickly zoom-in and out of every one of their endpoints and automate fixes with just a few clicks. They gain complete visibility into their employees’ exact, real-time digital experiences, and they are able to manage IT projects based entirely on measurable facts—not gut feelings.

Interested in learning more?

Visit our library page for the latest Windows 10 integration packs or speak with a Nexthinker today.

Get the best pods, articles, & research in IT experience