Microsoft Fixes Windows Crypto Bug

Microsoft has released a security update to fix a dangerous vulnerability that impact Windows 10 operating system. The bug was discovered and reported by the US National Security Agency. A spoofing vulnerability exists in the way Windows CryptoAPI validates Elliptic Curve Cryptography certificates, Microsoft said in a statement. The cryptographic component CryptoAPI has a function that allows developers to digitally sign their software, proving that the software has not been tampered with. But the bug may allow attackers to exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. The company noted that the user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider. Microsoft said, "The security update addresses the vulnerability by ensuring that Windows CryptoAPI completely validates ECC certificates."