Microsoft Windows 10 Users Vulnerable

January 14th was the day Windows 7 lost its technical support from Microsoft. However, Windows 10, the platform it’s thought most people will upgrade to has also been making headlines recently.

The US National Security Agency (NSA) discovered a huge flaw in Microsoft’s newer platform that could potentially have been used by cyber criminals to create legitimate looking software, which disguised its sinister purpose.

Microsoft themselves, countered the NSA, who revealed this discovery at their annual conference, by informing the world they’d issued a patch to fix the flaw.

They also went on to say there was no evidence that hackers had exploited this flaw prior to the patch update.

Although it is unsure how long the flaw went undetected, when Microsoft was altered, they immediately sent patch updates to high level users – such as the US military, before releasing it across the board to all their users.

But what exactly was the problem?

Brian Krebs, a security expert, was the man who notified the software giant of the problem.

A core component of Windows known as crypt32.dll enables software developers to access different functions which includes digital certificates that are used to sign software. If a cyber-criminal was able to manipulate this component, they could have ‘signed off’ some malicious software but pass it off as legitimate.

The consequences of such actions don’t bare thinking about, especially when high profile organisations could have been subject to a very serious cyber-attack.

Anne Neuberger, the NSA’s Director of Cyber Security, told reporters that the bug “makes trust vulnerable”.

She added that Microsoft requested the NSA make their involvement in the discovery public.

The flaw is also an issue in Windows Server 2016 and 2019 but doesn’t appear to affect older versions of the operating system.

Prof Alan Woodward, a security expert based at Surrey University, said:

“It’s big because it affects the core cryptographic software used by Microsoft operating systems. Although there is no evidence that it has been exploited by hackers, it is a major threat as it lays users open to a range of attacks, so this is a case of don’t panic but apply the patch straightaway.”

“The concern is that as soon as the vulnerability is known about in detail, exploits will be produced and the laggards who don’t patch will be prime targets.”

What can we learn from this?

It’s imperative that organisations keep their cyber-systems safe. Software giants will regularly release updates and patches to ensure that any flaws in the system are ironed out and cyber-criminals are kept locked out.

However, if these updates aren’t applied, hackers can access computer systems and wreak havoc that could have reputational and financial implications.

X