The United States National Security Agency (NSA) disclosed a major Windows vulnerability on Tuesday. Here’s what you need to know, and how to protect yourself.
The NSA has alerted Microsoft about a bug that could be used by hackers to make dodgy software look legitimate. The vulnerability was spotted in a Windows 10 module entitled ‘crypt32.dll’.
The news was first reported by security investigator Brian Krebs. According to Krebs, the crypt32.dll module handles all certificate and cryptographic messaging functions in the CryptoAPI – a Microsoft service that allows developers to secure Windows-based applications by encrypting digital certificates.
Hackers could take advantage of the flaw in this module to fake digital signatures and issue deceptive certificates for malicious software.
“An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source”, explained Microsoft in a report. “The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider.
“A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software”.
Microsoft marked the issue as ‘important’ rather than ‘critical’, reminding users that it has not seen any evidence of hackers taking advantage of the flaw since the NSA disclosed it.
The NSA, however, has called the vulnerability “severe”, noting that skilled hackers will likely manage to reverse engineer the patch, work out the underlying flaw and use it against systems that have not yet been updated.
“The vulnerability places Windows endpoints at risk to a broad range of exploitation vectors”, wrote the NSA in its official report.
“NSA assesses the vulnerability to be severe and that sophisticated cyber actors will understand the underlying flaw very quickly and, if exploited, would render the previously mentioned platforms as fundamentally vulnerable. The consequences of not patching the vulnerability are severe and widespread. Remote exploitation tools will likely be made quickly and widely available. Rapid adoption of the patch is the only known mitigation at this time and should be the primary focus for all network owners”.
The Windows 10 flaw was brought to public attention yesterday during a press conference, while a post was shared on the NSA’s blog entitled ‘A Very Important Patch Tuesday’.
Windows Server 2016 and Windows Server 2019 have also been identified as vulnerable.
If you use any of these systems, follow these steps to patch the flaw:
- Open the ‘Start’ menu on your PC
- Select ‘Settings’
- Search ‘Check for updates’
- Click ‘Check for updates’
- Click ‘Restart now’
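
For administrators who need to confirm the same thing on many machines, the check can be scripted. The following is an added example, not from the article or from Microsoft; the parameter names are assumptions, the article gives no patch date or KB number so both must be supplied by the reader, and the final verdict is a heuristic rather than proof that the specific fix is present.

```powershell
param(
    # Assumption: release date of the fix, supplied by the reader (not stated in the article).
    [Parameter(Mandatory)] [datetime] $PatchReleaseDate,
    # Optional: KB identifier taken from Microsoft's advisory (placeholder, not in the article).
    [string] $KbId
)

# Platforms the article names as vulnerable.
$affected = 'Windows 10', 'Windows Server 2016', 'Windows Server 2019'
$os = Get-CimInstance -ClassName Win32_OperatingSystem
$isAffected = [bool]($affected | Where-Object { $os.Caption -like "*$_*" })

# Most recent hotfix recorded as installed; InstalledOn can be empty, so filter first.
$lastFix = Get-HotFix | Where-Object InstalledOn |
    Sort-Object InstalledOn -Descending | Select-Object -First 1

# If a KB id was supplied, look for it directly (a later cumulative update may supersede it).
$kbFound = $null
if ($KbId) { $kbFound = [bool](Get-HotFix -Id $KbId -ErrorAction SilentlyContinue) }

# Scripted counterpart of 'Check for updates': software updates offered but not installed.
$searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
$result   = $searcher.Search("IsInstalled=0 and Type='Software' and IsHidden=0")
$pending  = @($result.Updates | ForEach-Object { $_.Title })

# An installed update is not active until the restart has happened.
$rebootPending = (New-Object -ComObject Microsoft.Update.SystemInfo).RebootRequired

# Heuristic: updated after the release date, nothing pending, no restart outstanding.
$upToDate = $lastFix -and ($lastFix.InstalledOn -ge $PatchReleaseDate) -and
            ($pending.Count -eq 0) -and (-not $rebootPending)

[pscustomobject]@{
    Computer        = $env:COMPUTERNAME
    OS              = $os.Caption
    AffectedVersion = $isAffected
    LastHotFix      = if ($lastFix) { $lastFix.HotFixID } else { $null }
    LastInstalledOn = if ($lastFix) { $lastFix.InstalledOn } else { $null }
    KbPresent       = $kbFound
    PendingUpdates  = $pending
    RebootRequired  = $rebootPending
    LikelyUpToDate  = [bool]$upToDate
}
```

A machine that reports `AffectedVersion` as true and `LikelyUpToDate` as false still needs the steps above, including the restart.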