With the current Patch Day, Windows 10 users will receive an update that already has a story to tell. Because information about this issue is obtained by the US Secret Agency NSA.
The error itself was found in the CryptoAPI, which is implemented in the crypt32.dll file. This offers application developers the option of using the security certificates managed by the operating system to process encrypted communication. And this option is used extensively.
The API also implements digital signatures that allow trusted applications to identify themselves in the operating system. And due to a mistake, these signatures can be forged without notice.
This will give attackers a chance to inject malware into the Windows system that is fully trusted and then put the security system in the hands of functions or the entire system.
This is a really serious problem – it is so serious that the NSA their knowledge of the vulnerability to Microsoft passed on to enable the development of a patch.
This is very unusual in that much of the intelligence agency’s work relies on exclusive knowledge of vulnerabilities. Instead of using knowledge about exploits to improve the security of users, they are used to break into systems, from which further information is then gathered.
However, the disclosure of information to Microsoft has now ensured that this threat can be eliminated. And here’s the other unusual process around the bug: Many Microsoft users have already gotten the patch. Following the declaration of confidentiality, various large companies and government entities such as military units were already provided.
This is primarily the Redmond Company’s intelligent and responsible approach. Typically, larger organizations usually have to try new patches before installing them. However, with the now published publication, criminals will immediately begin to analyze the threat, so securing a critical system is a real race against time.
On the other hand, home users can and should start installing patches from today. The most sensible way to do this is through a direct Windows update, which provides the most up-to-date information.
This is a really serious problem – it is so serious that the NSA their knowledge of the vulnerability to Microsoft passed onto enable the development of a patch. This is very unusual in that much of the intelligence agency’s work relies on exclusive knowledge of vulnerabilities. Instead of using knowledge about exploits to improve the security of users, they are used to break into systems, from which further information is then gathered.
Source = winfuture.de
Also Read:
The wait of users is near to over because of a few days left for…
A short video has surfaced with an alleged PlayStation 5 loading screen and a user…
It is not wrong to say that the first leak of the A14 bionic benchmark…
The EU is currently studying a proposal to reform digital markets and data sharing methods.…
Only a few weeks left for the official announcement of the iPhone 12. The source…
A well-known analyst has already shared a lot of information about the iPhone models that…