Microsoft has launched a security fix for a very serious vulnerability that affects hundreds of millions of personal computers running Windows 10, while Microsoft explained in a post that the vulnerability was found in an encryption tool in Windows that was launched years ago, known as CryptoAPI, As it has a number of functions, including allowing developers to digitally record their software, and proving that these programs are not tampered with.
According to the site techcrunch American, the vulnerability could allow hackers to simulate legitimate software in a way that they could run malicious programs, such as ransomware, while Microsoft said: “The user will not be able to know that the file is harmful, because the digital signature makes it appear to be from a trusted provider.”
While the Carnegie Mellon University vulnerability detection center said CERT-CC In a security report, it is also possible to use the error to intercept communications HTTPS or TLSAnd modified.
Microsoft indicated that it did not find any evidence to reveal the use of the vulnerability, which it classified as “dangerous” by the attackers, while the National Security Agency confirmed that it had found the vulnerability, and had informed Microsoft of the details, allowing the company to fix it.
This comes at a time when the American Agency was exposed to a lot of criticism for discovering holes in the Windows system and then exploiting them to build spy tools instead of informing Microsoft. The Agency used a vulnerability in Windows to build a tool named EternalBlue They can spy on computers, but the vulnerability has been leaked to be exploited by hackers to launch famous ransom attacks. WannaCry That resulted in millions of dollars in losses.
According to the report, Microsoft has launched a security fix for Windows 10, Windows Server 2016 for the US government, the military, and other major companies..