The US National Security Agency alerted Microsoft to a major flaw in its Windows 10 operating system which could have exposed users to hacking or surveillance.
Microsoft quickly responded by announcing that it had rolled out a software update to fix the vulnerability.
The NSA made the revelations in a press conference this week, breaking with its tradition of keeping security flaws secret in order to exploit them for the agency’s own needs. The discovery was reportedly made public at Microsoft’s request.
The flaw was discovered in both the Windows Server 2016 and 2019 editions. The problem lies in the core component of Windows known as crypt32.dll. This OS component plays a major part in software development, providing access to several system functions, such as certificates. Allowing free rein over this core component would, theoretically, make Windows treat any piece of software – safe or malicious – as completely legitimate.
The NSA’s director of cybersecurity Anne Neuberger said the bug “makes trust vulnerable.”
According to Microsoft, the flaw hasn’t been abused by hackers, but it remains unknown how long it was present in the code.