(RTTNews) - Microsoft has released a security update to fix a dangerous vulnerability that impact Windows 10 operating system.
The bug was discovered and reported by the US National Security Agency.
A spoofing vulnerability exists in the way Windows CryptoAPI validates Elliptic Curve Cryptography certificates, Microsoft said in a statement.
The cryptographic component CryptoAPI has a function that allows developers to digitally sign their software, proving that the software has not been tampered with.
But the bug may allow attackers to exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source.
The company noted that the user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider.
Microsoft said, "The security update addresses the vulnerability by ensuring that Windows CryptoAPI completely validates ECC certificates."
The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.
