Are you running Windows 10 on one of your computers? The latest version of Microsoft’s long-running and universally popular operating system, Windows 10 is preferred by countless business owners and consumers. It’s fast, user friendly and secure. With that said, Microsoft recently released a patch for a security vulnerability in Windows 10. If you haven’t downloaded and installed it, your computer could be susceptible to cyber threats.
About the Windows 10 Vulnerability
On Jan. 14, Microsoft rolled out an update to patch a vulnerability in its Windows 10 operating system. The vulnerability essentially leaves computers susceptible to encryption spoofing. When you visit a secure website, your web browser will typically check and verify the encryption certificate. This newly discovered vulnerability allows hackers to spoof encryption certificates such as this.
Microsoft was alerted to the vulnerability by the U.S. National Security Agency (NSA). The NSA discovered the vulnerability, after which it contacted Microsoft to inform the Redmond-based company about the vulnerability. Microsoft has since responded by releasing an update to patch the vulnerability.
Affected Operating Systems
In addition to Windows 10, the vulnerability also affects Server 2016 and Server 2019. If you run any of these operating systems, you should install the latest update as soon as possible to protect against cyber threats.
When speaking about the recent vulnerability, government officials explained that anti-virus software isn’t sufficient. According to the U.S. Department of Homeland Security (DHS), the vulnerability may “thwart” anti-virus software.
“The vulnerability in ECC certificate validation affects Windows 10, Server 2016, and Server 2019. It bypasses the trust store, allowing unwanted or malicious software to masquerade as authentically signed by a trusted or trustworthy organization, which may deceive users or thwart malware detection methods like anti-virus,” wrote the U.S. Department of Homeland Security (DHS).
How to Update Windows 10
To protect your computer from the ECC certificate-related vulnerability, you should update it to the latest version of its respective operating. Assuming your computer runs Windows 10, you can download and install new updates by accessing Start > Update & Security > Windows Update > Check for Updates.
Keep in mind, it may take several minutes to download the update, and once downloaded, you’ll have to restart your computer for the update to take effect. Once the update has finished installing, your computer will no longer be susceptible to the encryption vulnerability.
Encryption is a highly useful tool in protecting against cyber threats. Unfortunately, though, it’s not completely foolproof. As revealed in Microsoft’s latest vulnerability, encryption certificates can be spoofed.