Earlier yesterday, National Security Agency, NSA discovered a severe flaw in Windows. Shortly afterwards, the agency’s programmers notified Microsoft to resolve the issue. Thankfully, Microsoft has released an update that will resolve the security vulnerability.
In case you are wondering, the vulnerability is associated with the crypt32.dll module that handles certificate and cryptographic messaging functions in the CryptoAPI. As KrebsonSecurity points out, this module allows developers to secure Windows-based applications using cryptography. If the module is compromised, it would allow hackers to spoof fake digital signatures on malware to make them appear legitimate.
Moreover, the vulnerability could negatively impact the security of several Windows 10 features that are critical for security. For instance, bad actors can access your data sent over the internet through Microsoft Edge and Internet Explorer.
Shortly after the discovery, Will Dormann, a security researcher CERT Coordination Center said, “people should perhaps pay very close attention to installing tomorrow’s Microsoft Patch Tuesday updates in a timely manner. Even more so than others. I don’t know…just call it a hunch?”
I get the impression that people should perhaps pay very close attention to installing tomorrow’s Microsoft Patch Tuesday updates in a timely manner. Even more so than others.
I don’t know… just call it a hunch?
— Will Dormann (@wdormann) January 13, 2020
While it’s likely that all versions of Windows were affected by the vulnerability since the module has been present in Windows since the early days of the operating system, the security agency has so far confirmed that Windows 10 and Windows Server 2016 are impacted.
As a result, if you don’t have automatic updates enabled in your Windows machine, you should definitely update your computer as soon as possible to remove the security vulnerability.