Microsoft's latest Patch Tuesday plugs 50 security holes including a hugely critical flaw within the CryptoAPI
The spoofing vulnerability, found in the so-called CryptoAPI in Windows 10, could allow a hacker to install malicious software that looks and works like a legitimate programme.
What’s more, your system wouldn’t be able to tell it was malicious and would mark it as coming from a trusted source, meaning it would bypass digital security checks.
In particular, the CVE-2020-0601 flaw works by tricking the Windows CryptoAPI (Crypt32.dll) into signing digital certificates.
“An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source,” explained Microsoft.
“The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider.
“A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software.”
Given the problems with updating Windows 10 in the past, many users may be hesitant to update straight away, but the official advice is: don’t wait.
It is believed that the NSA found the vulnerability and reported it to Microsoft, and that military systems were issued with a fix ahead of the wider release to make sure they weren’t at risk when the flaw was revealed publicly.
Since Microsoft issued its latest Patch Tuesday – which also fixes a further 50 security flaws – the NSA has urged users to upgrade immediately.
As has CISA, via the National Cyber Awareness System, which issued an alert called “Critical Vulnerabilities in Microsoft Windows Operating Systems” describing the vulnerability as a “critical weakness”.
How to update Windows 10?
If you don’t have automatic updates enabled on your system, you can manually force the update through by either visiting Microsoft’s online update page, or by clicking Start | Settings | Update & Security | Windows Update.