Earlier this month, users of Microsoft’s Windows 10 were urged to update their computers by US security agency, NSA, after a huge vulnerability was discovered. Microsoft was informed of the vulnerability before it was made public and created a patch that was then pushed out in an update to the operating system.
Discovered by the National Security Agency, the vulnerability could allow an attacker to perform man-in-the-middle attacks and decrypt confidential information on user connections. According to reports, both Microsoft and the NSA declined to comment on exactly when Microsoft was notified of the vulnerability.
Microsoft explained that the vulnerability could be exploited by attackers to allow them to make a file look like it was from a trusted source by spoofing a code-signing certificate. They went on to explain that a user would have no way of knowing if a file was malicious as the digital signature would look as if it was from a trusted provider.
Using their Patch Tuesday programme, Microsoft releases regular updates and fixes for Windows 10. The patch for this vulnerability stops hackers from being able to intercept communications and was pushed out in a free update using this Patch Tuesday programme.
If your computer is set to receive automatic updates, it should have already updated, however updates can be carried out manually in the Windows Update section of the computer’s settings.