The US National Security Agency (NSA) has discovered a major flaw in Windows 10 that could have been used by hackers to create malicious software that looked legitimate.

Microsoft has issued a patch and said it is now aware of the bug being exploited by hackers.

The issue was revealed during an NSA press conference.

It was not clear how long the NSA had known about the flaw before revealing it to Microsoft.

Brian Krebs, the security expert who first reported the revelation, said the software giant had sent the patch to branches of the US military and other high-level users ahead of its wider release. It was, he wrote, “extraordinarily scary”.

The problem exists in a core component of Windows known as crypt32.dll, a module that gives software developers access to various cryptographic functions, such as handling the digital certificates that are used to sign software.

It could, in theory, have allowed a hacker to pass off a piece of malicious software as being entirely legitimate.

The NSA’s director of cyber-security Anne Neuberger told reporters that the bug “makes trust vulnerable”.

She added that the agency had decided to make its involvement in the discovery public at Microsoft’s request.

The flaw is also an issue in Windows Server 2016 and 2019, but does not appear to affect older versions of the operating system.

Prof Alan Woodward, a security expert based at Surrey University, said of the flaw: “It’s big because it affects the core cryptographic software used by Microsoft operating systems. Although there is no evidence that it has been exploited by hackers, it is a major threat as it lays users open to a range of attacks, so this is a case of don’t panic but apply the patch straightaway.”

“The concern is that as soon as the vulnerability is known about in detail, exploits will be produced and the laggards who don’t patch will be prime targets.”
