A critical security flaw in Microsoft’s Windows 10 has been discovered by the NSA. The security issue affects the way applications are signed and can therefore allow a malicious actor to install powerful malware without the operating system detecting it. A patch is available, and it is strongly recommended that you update as soon as possible.
The NSA is well known for exploiting security vulnerabilities without always revealing them to publishers and computer manufacturers, a practice that has sometimes hit the headlines. The NSA was, for example, the target of sharp criticism when in 2017 the agency’s hacking tools were found in the wild and ended up contributing to a global cyber attack. However, the agency sometimes considers certain flaws serious enough that it works in advance with the publishers to correct them.
The Security Flaw Affects The Electronic Signature Of Apps
This is what has just happened with a serious security flaw affecting the cryptographic signature system of Windows applications. By exploiting this flaw, malicious actors could install malware. In addition, they could bypass system authentication or decrypt secure traffic from the machine, and Windows would not detect anything.
The vulnerability itself lies in a Windows component, crypt32.dll, which manages the “cryptographic messaging and certificate functions in the CryptoAPI”. This is a central component of Windows 10 security. It was, for example, possible to use this flaw to pass malware off as harmless programs by manipulating their signature.
Why You Need To Update Your Windows 10 PC Now
This vulnerability is very serious, so Windows 10 users are strongly recommended to update their system if they have not already done so. The flaw has been corrected in a patch distributed in the update of January 14, 2020. If you have activated automatic updates, this one was probably installed automatically. If not, we recommend that you go to Windows Update and immediately check for updates.
Note also that this flaw is not specific to Windows 10. This component was already available in the Windows NT 4.0 era, and therefore all versions of Windows up to Windows XP are potentially affected. It was nonetheless corrected in Windows 7, which received its last patch on January 14, at the same time as Windows 10.