The U.S. National Security Agency (NSA) has lately found a serious security flaw in the most used operating system the Microsoft’s Windows 10. The bug could have affected around 900 million computers around the world.
The company has taken prompt action to secure the platform by releasing a security patch for Windows 10 and Server 2016 today. The security flaw according to NSA is a serious vulnerability, it is rare but not unprecedented said NSA.
The bug found in windows was related to the system confirming the legitimacy of the software or establishing secure web connections. Now if the verification check itself is not trustworthy hackers can exploit it and remotely distribute malware or access sensitive data.
According to the report by Microsoft, the vulnerability found in Crypto API which is implemented in the crypt32.dll file. The system offers developers the option of using security certificates that are managed by the operating system to process encrypted communication, and the option is used quite frequently.
The API also processes digital signatures via trusted applications in which these applications have to prove identity to the operating system. The error inside this signature processing could be spoofed without getting noticed. Hackers would thus be able to inject malware into Windows without putting any further obstacles to malware.
Microsoft has already released a security patch for some customers including large organizations and government departments, the other home, and office customers should receive and install the security update from today as Microsoft has rolled out the security update for Windows 10 globally.