US National Security Agency Alarms.
The US National Security Agency announced a critical vulnerability found in Microsoft’s Windows operating system. This was the authoritative publication Bloomberg.
The NSA filed a find with Microsoft and the company has already reported on the release of a patch on January 14 as part of the monthly update Patch Tuesday, traditionally released on the second Tuesday of the month. As noted by the NSA, the vulnerability affects Windows 10 and Windows Server 2016.
Security experts declared the found vulnerability “extremely” serious and intimidating. It is associated with the Crypt32.dll library, which manages security certificates and message encryption features.
Vulnerability in such a place of the OS compromises the security of all information in the system. It affects user authentication in regular and server versions of Windows, covers important data in Internet Explorer and Edge browsers, as well as many third-party applications. Attackers can also fake digital signatures, creating malicious applications that look like real ones.
Microsoft itself not only released the patch, but also emphasized that no cyber attacks using this vulnerability were noticed.