Microsoft Releases Emergency Windows 10 Patch After NSA Reveals Major Security Flaw

Microsoft has come out with an emergency patch for Windows 10 after the NSA revealed a huge vulnerability that hackers could exploit.

You might have noticed a Windows update arriving last night. If you didn’t, you’ll likely see one come across your machine in the very near future due to a huge security vulnerability that Microsoft is scrambling to patch out.

The patch will close a security loophole that could trick Windows into believing that an untrusted piece of code is actually trusted, handing over an official Microsoft security ticket to whatever bit of code a malicious actor wants.

“An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider,” writes Microsoft on their website.

“A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software.”

What this basically means is that a hacker could use this bug to install viruses or other bad stuff on your system. They could also use it to peek at data mid-transit to see what’s up. This would allow them to get at things like payment info if you just happen to be shopping at the time of the attack.

This is a huge deal since spoofing Microsoft’s “trusted” status gets around so many anti-malware protections. Windows 10 is also the most installed OS in the world, hitting over 900 million PCs, with this vulnerability working equally well on every single one of them.

The NSA played a huge role in the discovery and disclosure of this bug and even worked with Microsoft to generate a fix, according to Wired. Still, the NSA likely has an arsenal of hidden exploits that it can use for foreign espionage. They are spies, after all.

This particular bug just turned out to be too big for the NSA to keep secret.

Source: Read Full Article