Plus   Neg

Microsoft Fixes Windows Crypto Bug

microsoft aug15 14jan20 lt

Microsoft has released a security update to fix a dangerous vulnerability that impact Windows 10 operating system.

The bug was discovered and reported by the US National Security Agency.

A spoofing vulnerability exists in the way Windows CryptoAPI validates Elliptic Curve Cryptography certificates, Microsoft said in a statement.

The cryptographic component CryptoAPI has a function that allows developers to digitally sign their software, proving that the software has not been tampered with.

But the bug may allow attackers to exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source.

The company noted that the user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider.

Microsoft said, "The security update addresses the vulnerability by ensuring that Windows CryptoAPI completely validates ECC certificates."

For comments and feedback contact: editorial@rttnews.com

Business News

Follow RTT