A “serious vulnerability’ has been found in Windows 10, pushing the National Security Agency to heed a warning to all those using the software that they should update their devices.
The advice comes just after Microsoft made an announcement just 2 days ago that it would be stopping support for any Windows 7 software, urging users to switch to Windows 10 instead.
Should we worry?
Microsoft has admitted the vulnerability and say that because the attack would appear to be from a trusted person, there would be no way of knowing if there was any malware in the file.
Wicus Ross, Senior Researcher, SecureData comments: “The flaw exists in the validation process of digital certificates, which are used by various services including web servers to validate identity, authenticity and to establish confidential communication channels.”
“While this means that an attacker could potentially eavesdrop on a confidential conversation or impersonate another entity, there is very little public information available on how the vulnerability could be exploited. The only acceptable mitigation against this vulnerability is to install the applicable Microsoft patch,” Ross adds.
Patching the problem
Ross suggests that Microsoft has previously released patches relating to other vulnerabilities. The researcher also adds: “We expect attackers to be ready to craft new exploits that can target these gateway servers, which are normally internet facing. They have had ample time to hone their skills at exploiting vulnerabilities in Remote Desktop ever since similar vulnerabilities were published in September 2019.”
Millions of computers will be impacted by the vulnerability.