What is it?
A man-in-the-middle/spoofing vulnerability exists in Windows 10 and Windows Server 2016/2019. An authenticated attacker on the target system can use a spoofed code-signing certificate to sign malicious executables, making the file appear to come from a trusted source. Because the same certificate validation is trusted for network connections, an attacker who successfully exploits the flaw could also conduct man-in-the-middle attacks and decrypt encrypted traffic, such as traffic sent over HTTPS. Exploitation is post-authentication and requires no user interaction: the attacker must already be authenticated to the device, but the victim does not need to open or click anything.
Should I be worried?
You may be vulnerable if you have unpatched machines running Windows 10 or Windows Server 2016/2019.
What do I need to do?
At the time of writing there is no safe proof-of-concept (PoC) that can be used to test assets. Once a PoC is developed or becomes available in the wild, vulnerable Edgescan clients will be notified as soon as possible.
You should also check that patching is current on your Windows 10 and Windows Server 2016/2019 hosts, as per the advisories below:
Here for CVE advisory:
Here for the NSA advisory:
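As an added example (not part of the original advisory, and not Edgescan's own tooling), the following PowerShell script reports whether a host belongs to one of the listed Windows releases and whether the update IDs you pass in are installed. The page does not give the KB numbers; take them from the CVE advisory linked above, and treat the values on the usage line as placeholders.

```powershell
# Added example, not from the original advisory. Reports whether this host is one of the
# affected Windows releases and whether the vendor updates for this issue are installed.
# The KB IDs are NOT on this page; take them from the CVE advisory and pass them in, e.g.
#   .\Check-Patch.ps1 -KbIds 'KB0000001','KB0000002'      (placeholder values)
param(
    [Parameter(Mandatory = $true)]
    [string[]]$KbIds
)

$os      = Get-CimInstance -ClassName Win32_OperatingSystem
$caption = $os.Caption
$build   = [int]$os.BuildNumber

# Product families named in the advisory. Server 2016 is build 14393 and Server 2019 is
# build 17763; Windows 10 spans many builds, so all three are matched by caption.
$affected = ($caption -match 'Windows 10') -or
            ($caption -match 'Windows Server 2016') -or
            ($caption -match 'Windows Server 2019')

Write-Host "Host:            $env:COMPUTERNAME"
Write-Host "OS:              $caption (build $build)"
Write-Host "Affected family: $affected"

if (-not $affected) {
    Write-Host "Not one of the listed releases; no action required for this advisory."
    return
}

# Get-HotFix reads Win32_QuickFixEngineering, the same data as 'wmic qfe'. A later
# cumulative update that supersedes the listed KB is not reported under the old KB ID,
# so the build revision (UBR) is printed as well for comparison with the advisory.
$installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
$missing   = @($KbIds | Where-Object { $_ -notin $installed })

$ubr = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').UBR
Write-Host "Build revision:  $build.$ubr"

if ($missing.Count -eq 0) {
    Write-Host "All listed updates present: $($KbIds -join ', ')"
} else {
    Write-Warning "Missing updates: $($missing -join ', ') - treat this host as vulnerable until patched."
}
```

Run it on each in-scope host (or through your existing remote-execution tooling) and reconcile the missing list with the advisory. A host where the listed KB is absent but the build revision already matches or exceeds the patched revision has received a superseding cumulative update and is not exposed.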