Windows 10 Bug was too hot for the NSA to use
With the current Patch Day, Windows 10 users will receive an update that already has a story to tell. Because information about this issue is obtained by the US Secret Agency NSA.
The error itself was found in the CryptoAPI, which is implemented in the crypt32.dll file. This offers application developers the option of using the security certificates managed by the operating system to process encrypted communication. And this option is used extensively.
The API also implements digital signatures that allow trusted applications to identify themselves in the operating system. And due to a mistake, these signatures can be forged without notice.
This will give attackers a chance to inject malware into the Windows system that is fully trusted and then put the security system in the hands of functions or the entire system.
This is a really serious problem – it is so serious that the NSA their knowledge of the vulnerability to Microsoft passed on to enable the development of a patch.
This is very unusual in that much of the intelligence agency’s work relies on exclusive knowledge of vulnerabilities. Instead of using knowledge about exploits to improve the security of users, they are used to break into systems, from which further information is then gathered.
Patch has already gone to larger customers
However, the disclosure of information to Microsoft has now ensured that this threat can be eliminated. And here’s the other unusual process around the bug: Many Microsoft users have already gotten the patch. Following the declaration of confidentiality, various large companies and government entities such as military units were already provided.
This is primarily the Redmond Company’s intelligent and responsible approach. Typically, larger organizations usually have to try new patches before installing them. However, with the now published publication, criminals will immediately begin to analyze the threat, so securing a critical system is a real race against time.
On the other hand, home users can and should start installing patches from today. The most sensible way to do this is through a direct Windows update, which provides the most up-to-date information.
This is a really serious problem – it is so serious that the NSA their knowledge of the vulnerability to Microsoft passed onto enable the development of a patch. This is very unusual in that much of the intelligence agency’s work relies on exclusive knowledge of vulnerabilities. Instead of using knowledge about exploits to improve the security of users, they are used to break into systems, from which further information is then gathered.
Source = winfuture.de
Also Read:
