In a rare move, the National Security Agency held a press conference yesterday in which it revealed details about a bug in Microsoft's Windows 10 operating system, which could leave users vulnerable.
The potential exploit, the NSA stated, could be used to bypass a computer's security, and place malicious programs on the machine, which in turn could then be used for spying or ransomware purposes. In a statement, Microsoft claimed that it was aware of the issue, and had provided a patch to nullify the problem.
We take a look at what the bug could mean, and how to ensure you're protected against it.
Windows 10 Exploit Explained
The bug in Windows 10, which was discovered by the NSA, is a serious vulnerability in the way that Windows 10 validates digital certificates. This validation process is what gives the operating system the all-clear to run software that it deems to be secure and legitimate.
The issue (which relates to the Windows CryptoAPI, specifically the Crypt32.dll file) means that anyone with malicious intent could theoretically spoof the genuine digital certificate of a valid piece of software and attach it to a piece of malware. This would provide a back door for malicious software to access a user's PC.
In Microsoft's own words:
An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider.
The end result of this type of attack could range from hackers snooping on your activity and gaining access to your files, to taking over your PC entirely. It could also lead to ransomware being installed on a machine. Ransomware typically threatens to wipe all of the contents of your hard drive, or locks you out from accessing your device, unless a payment is made.
It's important to note that Microsoft does not believe that anyone has used this exploit. With the patch fix now released, this risky back-door should be closed for good.
Which Systems are Affected?
The bug mainly affects Windows 10, but is also present on Windows Server 2016 and 2019.
It's something of an irony that this news was announced yesterday – the very day that Microsoft sunsetted Windows 7 and ceased any further security updates for the ageing operating system. Windows 7, as it happens, isn't affected, so anyone who is still hanging onto it might feel a bit smug this morning (although, they really, really still need to upgrade).
Other Windows operating systems, including 8.1, aren't vulnerable to the exploit.
How Can I Protect Myself From this Bug?
Good news – Microsoft has already issued a patch to fix the vulnerability. It's common practice for bug-hunters to contact the software provider directly before going public. In a statement, the NSA's director of cyber-security, Anne Neuberger, revealed that Microsoft had requested the NSA make its involvement known to the public.
If you have your Windows 10 operating system set to automatically update, then you should already have the patch downloaded and applied.
If you want to be sure, you can go to Settings, click Update and Security, select Windows Update, then click the Check for updates button.
Another option is to visit Microsoft's site to download the patch directly.
This news is a stark reminder about the importance of keeping your operating system up to date. The fight against viruses and malicious software is one that is fought in inches. Those regular Windows updates might seem like a pain, and land at the most inconvenient moment, but they could well be protecting your PC from a potentially crippling bug.