Windows 10 has a critical security flaw that was discovered by the National Security Agency (NSA). Experts from the agency say that, if exploited by hackers, the vulnerability could expose users to data breaches. Microsoft has been alerted by the NSA and has already released a security update to fix the problem. The patch has been available since last Tuesday.

The bug resides in a Windows component called crypt32.dll, which gives developers access to the digital certificates used in signing software. With this, hackers could install malware on the operating system, which would treat it as legitimate and secure software.

To give an idea of the destructive potential of the flaw discovered by the NSA: the DLL in question, like many of the files marked with this extension, has the power to send commands and instructions to various programs. When a Windows user logs on to a website, for example, the browser checks the authenticity of the address through the component provided by Microsoft.

The bug makes infection by viruses and other threats easier in an especially dangerous way: by using a forged certificate, the attacker can gain the trust of users or services installed on the vulnerable system and take advantage of that trust to compromise them. In the words of Anne Neuberger, NSA’s director of cybersecurity, the loophole “turns trust into vulnerability.”

Microsoft released a patch on Tuesday (14) to fix the flaw. In a statement, the Windows manufacturer acknowledged the seriousness of the flaw and said there are no records of it being exploited by cybercriminals. The NSA also said it detected no signs of the vulnerability being exploited. Users who have installed the update or have automatic updates enabled are already protected.

How to install the security update

You can install the patch manually from the Microsoft website. Just go to the page (https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601), navigate to the “Security Updates” section and choose the version corresponding to your operating system, described on the left. On the “Download” page, click on the link provided.

If you prefer, you can also install the patches directly through the system, in Windows Update. Look for “Windows Update” in the taskbar search box and select “Check for updates”. If the security update is available, the machine will then be updated.
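To confirm the result after either install method, the following PowerShell check is an added example, not code from Microsoft or the NSA. The function name `Get-Cve20200601Status` is hypothetical, and the KB number in the usage line is a placeholder: take the real KB numbers for your Windows build from the “Security Updates” table on the advisory page. It also reads the Application log for Event ID 1 from the `Microsoft-Windows-Audit-CVE` source, which patched systems record when they encounter a certificate forged to exploit this flaw.

```powershell
# Added example: report whether a listed update is installed and whether
# Windows has logged any detection events for CVE-2020-0601.
# Assumption: the caller supplies the KB numbers from the advisory page.
function Get-Cve20200601Status {
    param(
        [Parameter(Mandatory)] [string[]] $KbIds,
        [int] $MaxEvents = 50
    )

    # Installed updates that match the supplied KB list.
    $installed = @(Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $KbIds -contains $_.HotFixID })

    # Patched systems write Event ID 1 (source Microsoft-Windows-Audit-CVE)
    # to the Application log when a forged certificate is detected.
    $events = @()
    try {
        $events = @(Get-WinEvent -FilterHashtable @{
            LogName      = 'Application'
            ProviderName = 'Microsoft-Windows-Audit-CVE'
            Id           = 1
        } -MaxEvents $MaxEvents -ErrorAction Stop)
    } catch {
        # Get-WinEvent raises an error when nothing matches; treat as "no events".
    }

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        OsVersion      = [System.Environment]::OSVersion.Version.ToString()
        InstalledKbs   = $installed.HotFixID
        ListedKbFound  = $installed.Count -gt 0
        AuditCveEvents = $events | Select-Object TimeCreated, Message
    }
}

# 'KB0000000' is a placeholder, not a real update number.
Get-Cve20200601Status -KbIds 'KB0000000' | Format-List
```

A `ListedKbFound` value of `False` does not prove the machine is unpatched, because a later cumulative update can replace the one you listed. Any entry under `AuditCveEvents` deserves investigation, since it means a forged certificate was presented to the system.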


It is worth remembering that last Tuesday Microsoft ended support for Windows 7. With the end of the updates, computers that still use the system should be more vulnerable to viruses and other threats. In these cases, the best option is to upgrade to Windows 10.
