The National Security Agency (NSA), the American intelligence service, has uncovered a major vulnerability in Windows 10, The Washington Post writes Tuesday. The vulnerability is in a core component of Windows that checks whether software can be trusted.
The NSA discovered that this Windows check on the trustworthiness of software could be bypassed. In theory, an attacker could make malicious software, such as spyware or ransomware, look like fully trusted software. Systems could be infected with rogue software this way.
Microsoft told Reuters news agency that it is working on an update to fix the vulnerability. If many people install the update, there is not much to worry about, IT expert Matthew Green tells The Washington Post. But "if many people do not perform the update, it can lead to disaster," he fears.
Cyber security expert Brian Krebs was the first to write about the vulnerability. According to him, Microsoft has already made an update available for the US Army and other high-priority users. He writes that the vulnerability is "extremely scary".
It is not known how long the NSA knew about the flaw before Microsoft was notified. Microsoft has not yet commented, but the vulnerability is not expected to have been exploited.
This time, the NSA warns of the vulnerability
The NSA also detected a major security vulnerability at Microsoft in 2012, but kept it to itself at the time. The intelligence service used the vulnerability for years to develop espionage tools. Only after five years, when the NSA noticed that the vulnerability was also being exploited by others, did the intelligence service warn Microsoft. Hackers had already infected thousands of systems with the WannaCry ransomware through the vulnerability.
News of the vulnerability comes out on the day that Microsoft stops supporting Windows 7. It is not known whether the vulnerability is also present in older versions of Windows.