Why you must update Windows 10 immediately: Government agencies issue warning about “critical flaw”

Microsoft's latest Patch Tuesday plugs 50 security holes including a hugely critical flaw within the CryptoAPI

Following reports that America’s National Security Agency had uncovered a severe and critical flaw in Windows 10, Microsoft has now confirmed the vulnerability and issued a vital patch to fix it.

The spoofing vulnerability, found in the so-called CryptoAPI in Windows 10, could allow a hacker to install malicious software that looks and works like a legitimate programme.

What’s more, your system wouldn’t be able to tell it was malicious and would mark it as coming from a trusted source, meaning it would bypass digital security checks.

In particular, the CVE-2020-0601 flaw works by tricking the Windows CryptoAPI (Crypt32.dll) into signing digital certificates.

“An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source,” explained Microsoft.

“The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider.

“A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software.”

Given the problems with updating Windows 10 in the past, many users may be hesitant to update straight away, but the official advice is: don’t wait.

It is believed that the NSA found the vulnerability and reported it to Microsoft, and that military systems were issued with a fix ahead of the wider release to make sure they weren’t at risk when the flaw was revealed publicly.

Since Microsoft issued its latest Patch Tuesday – which also fixes a further 50 security flaws – the NSA has urged users to upgrade immediately.

As has CISA, via the National Cyber Awareness System, which issued an alert called “Critical Vulnerabilities in Microsoft Windows Operating Systems” describing the vulnerability as a “critical weakness”.

How to update Windows 10?

If you don’t have automatic updates enabled on your system, you can manually force the update through by either visiting Microsoft’s online update page, or by clicking Start | Settings | Update & Security | Windows Update.
