Update: Microsoft is fixing a vulnerability affecting hundreds of millions of computers running Windows 10
Microsoft today (Tuesday) announced a security patch for a very serious vulnerability affecting hundreds of millions of Windows 10 computers.
The software giant said in an article that the security vulnerability had been discovered in CryptoAPI, a cryptographic component of Windows introduced decades ago. The component has many functions, including letting developers digitally sign their software to demonstrate that it has not been tampered with. However, this vulnerability could allow attackers to spoof legitimate programs, making it easier to run malware such as ransomware.
Microsoft said: "Users will not know if the file is dangerous because the digital signature gives the impression that the file is from a trusted resource." CERT/CC, the vulnerability disclosure center at Carnegie Mellon University, points out in its security report that the flaw can also be used to intercept and modify HTTPS (or TLS) connections.
To reassure users, Microsoft said it had found no evidence that attackers were exploiting the vulnerability (which was classified as "critical"). Independent security reporter Brian Krebs was the first to write about the vulnerability, in a blog post.
The National Security Agency contacted reporters to confirm that the vulnerability had been found and that Microsoft had been given the details, so that the company had the opportunity to fix it. The agency has previously drawn heavy criticism for finding security vulnerabilities in Windows and using them to create spyware instead of notifying Microsoft. It used a security vulnerability in Windows to create a tool called EternalBlue that could be used to monitor computers. However, the vulnerability was leaked and then used by hackers to launch the widespread WannaCry ransomware attack, which caused losses for millions of users.
Before this update was released to all users on Tuesday, Microsoft reportedly provided the security updates for Windows 10 and Windows Server 2016 to the U.S. government, the military, and other major companies that were concerned about the potential vulnerability.