Microsoft released a security patch for a dangerous vulnerability affecting hundreds of millions of computers running Windows 10. The vulnerability was found in an old Windows cryptographic component known as CryptoAPI. This component allows developers to digitally sign their software, guaranteeing its authenticity. However, this bug may allow attackers to spoof legitimate software, potentially making it easier to run malicious software on a vulnerable machine. The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider.

The National Security Agency confirmed in a call with reporters that it found the vulnerability and turned over the details to Microsoft, allowing the company to build and ready a fix. Microsoft only classified the bug as important, not critical, since it found no evidence to show that the bug has been actively exploited by attackers.

Microsoft released patches for Windows 10 and Windows Server 2016, which is also affected, to the U.S. government, military and other high-profile companies ahead of Tuesday’s public release. As of yesterday, every user of Windows Server 2016 and Windows 10, should have installed the patch to ensure they were no vulnerable.

If you need help installing your patch or if you need help understanding what this vulnerability means, give us a call today. If you are still running outdated Windows programs, now is also the time to take action to ensure you aren’t risking your organizations security. 2W Tech is a full-service IT Consulting firm that specializes in solutions for the manufacturing industry. We are also a Microsoft Gold Partner.

Read More:

The Importance of an Intelligent Workplace in 2020

ERP Trends for 2020

Back to IT News