Experts from the U.S. National Security Agency (NSA) detected a dangerous security gap in Windows 10 and Windows Server 2016 / 2019, which may allow to track users and obtain sensitive information. Exploit has already been patched up by Microsoft.
A vulnerability was found in the crypt32.dll cryptographic library, which is used to support certificates and various activities requiring content encryption. To be honest, just this one sentence alone shows how serious a problem we are dealing with here. According to Microsoft's rating system, exploit is ranked 1, which means the second most serious category of threats. According to the experts, the vulnerability can be exploited, among others, to cheat the user's authentication system (in the example given, there is a possibility of granting a security certificate to a dangerous file) and stealing data from Internet Explorer, Edge and many other programs.
It is worth noting that in the past, the NSA has used similar exploits for its own purposes on several occasions, informing about them only when they started to be used by hackers (obviously those who do not work for the agency). This was the case with the dangerous gaps of WannCry and EternalBlue. Was it a similar situation in this case? It's hard to say, but since the exploit came to light and was fixed, we suggest you download the appropriate patch as soon as possible.
- Microsoft - official website
- NSA - official website