NewsBytes
    Hindi Tamil Telugu
    More
    In the news
    Narendra Modi
    Amit Shah
    Box Office Collection
    Bharatiya Janata Party (BJP)
    OTT releases
    Hindi Tamil Telugu
    NewsBytes
    User Placeholder

    Hi,

    Logout

    India
    Business
    World
    Politics
    Sports
    Technology
    Entertainment
    Auto
    Lifestyle
    Inspirational
    Career
    Bengaluru
    Delhi
    Mumbai

    Download Android App

    Follow us on
    • Facebook
    • Twitter
    • Linkedin
    Home / News / Technology News / #BugAlert: Critical security vulnerability flagged in Windows 10; update now
    Next Article
    #BugAlert: Critical security vulnerability flagged in Windows 10; update now

    #BugAlert: Critical security vulnerability flagged in Windows 10; update now

    By Shubham Sharma
    Jan 15, 2020
    06:25 pm

    What's the story

    After Firefox, Windows 10 has been plagued by a security vulnerability.

    Though the OS hasn't had a smooth, bug-free run in a long time, the latest issue is a critical flaw, one that has been flagged by the National Security Agency (NSA) of US.

    It even affects other iterations of Windows and needs to be patched immediately.

    Here are the details.

    Bug

    Security flaw that could make malicious software look legitimate

    While NSA is infamous for keeping critical vulnerabilities under the wraps so that they could be used for future intelligence needs, this time the agency reported the vulnerability to Microsoft.

    In a press conference, it described the issue in question as a "serious vulnerability" that could be used by hackers to make malicious software, capable of spying, stealing files, look legitimate.

    Quote

    Here's what NSA said about the vulnerability

    "The vulnerability places Windows endpoints at risk to a broad range of exploitation vectors. NSA assesses the vulnerability to be severe and that sophisticated cyber actors will understand the underlying flaw very quickly and, if exploited, would render the previously mentioned platforms as fundamentally vulnerable."

    Details

    What exactly was the issue?

    The issue, as The Verge describes, ties to Windows' handling of certificate and cryptographic messaging functions and opens a way for a threat actor to spoof the digital signature of legit software.

    This way, they could use the spoofed signature with a malicious program and trick machines that rely on digital signatures to verify software into believing that the malware-laced program is authentic.

    Possibility

    Ultimately, this could lead to major attacks

    By making malicious software look authentic, an attacker could carry out 'man-in-the-middle' attacks, Microsoft said.

    The company didn't classify the issue as a 'critical' level problem but said if it had been exploited, an attacker would have been able to decrypt confidential information on user connections to the malicious software in question.

    Notably, it emphasized that there's no evidence that anyone exploited the vulnerability.

    Fix

    Fix now rolling out for different versions of Windows

    The Redmond giant is now releasing a patch to fix the issue on Windows Server 2016, Windows Server 2019, and Windows 10, which is used by more than 400 million people, according to stats from 2017.

    "Customers who have already applied the update, or have automatic updates enabled, are already protected," said Jeff Jones, a senior director at Microsoft, stated.

    Facebook
    Whatsapp
    Twitter
    Linkedin
    Related News
    Latest
    Microsoft
    National Security Agency
    Security
    Windows 10

    Latest

    YouTuber Jyoti Malhotra's police remand extended by 4 days China
    Man, woman break into Salman's home separately; both arrested Bollywood
    Man uses ChatGPT as lawyer—wins ₹2L refund for canceled flight ChatGPT
    Watch: Massive explosion at SpaceX base during Starship engine test SpaceX

    Microsoft

    Microsoft to shut inactive accounts: Here's what you can do Xbox
    #FutureIsHere: Microsoft created human hologram capable of speaking any language Technology
    Microsoft is changing Windows 10's Start menu in big way Windows 10
    Soon, you will be able to recover Windows via internet Windows 10

    National Security Agency

    Leaks suggest America's NSA may have hacked global banking system Microsoft
    America, NSA is still eavesdropping on you USA
    Obama had warned Trump not to hire Flynn in November Michael Flynn
    Microsoft lambasts NSA for WannaCry, time for a "wake-up call" Microsoft

    Security

    13 lakh Indian debit, credit cards selling on dark web Technology
    Several Indian activists, journalists targeted by Israeli WhatsApp spyware India
    Delhi: Bag suspected to carry RDX, contained chocolates, toys India
    'Camgirl' porn sites leaked private data of millions: Details here Spain

    Windows 10

    How Spotify compares to other music streaming services in India India
    Now, use Android apps on your Windows PC: Here's how Microsoft
    Soon, Windows 10 Calculator will have built-in graphing capabilities Microsoft
    Want to enable dark mode on Chrome? Here's the way Google
    Indian Premier League (IPL) Celebrity Hollywood Bollywood UEFA Champions League Tennis Football Smartphones Cryptocurrency Upcoming Movies Premier League Cricket News Latest automobiles Latest Cars Upcoming Cars Latest Bikes Upcoming Tablets
    About Us Privacy Policy Terms & Conditions Contact Us Ethical Conduct Grievance Redressal News News Archive Topics Archive Download DevBytes Find Cricket Statistics
    Follow us on
    Facebook Twitter Linkedin
    All rights reserved © NewsBytes 2025