Update Windows 10 as soon as possible to patch broken X.509 certificate validation
If you're using Windows 10, make sure to update it as soon as possible to patch a major security risk.
The United States National Security Agency has released an advisory telling Windows 10 users to update their operating system as quickly as possible. The portion of Windows 10's cryptography library that validates X.509 public key certificates contains a vulnerability. An attacker can use it to forge a software signing certificate that Windows does not recognize as fake, and so dupe users into installing malicious versions of applications.
The NSA advisory also mentions that the vulnerability can be used to spoof signed emails and files, and to perform man-in-the-middle attacks between a Windows 10 install and any secure HTTPS connection. The advisory states the following:
"Remote exploitation tools will likely be made quickly and widely available. Rapid adoption of the patch is the only known mitigation at this time and should be the primary focus for all network owners."
No active exploit of this vulnerability has been discovered, but it's still highly recommended to update your installation of Windows 10 as soon as possible.
Further coverage: Ars Technica