From CNET: Instead of keeping a potential hacking resource to itself, the US National Security Agency alerted Microsoft to a serious security flaw in the Windows 10 operating system that could open computers to major breaches or surveillance. The NSA said the flaw is severe and that hackers will understand very quickly how to exploit it.
"The consequences of not patching the vulnerability are severe and widespread," the NSA said in an advisory Tuesday.
Microsoft issued a patch Tuesday for the flaw, which was first reported by The Washington Post. The flaw affects devices running the Windows 10 operating system, as well as the Windows Server 2016 and 2019 operating systems. Using the flaw, attackers could create an exploit that creates fake security certificates, giving them a free pass to run malicious software on Windows devices while looking legitimate to the system.
"The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider," Microsoft said in its description of the vulnerability.
View: Full Article