

REDMOND (dpa-AFX) - Microsoft has released a security update to fix a dangerous vulnerability that impact Windows 10 operating system.



The bug was discovered and reported by the US National Security Agency.



A spoofing vulnerability exists in the way Windows CryptoAPI validates Elliptic Curve Cryptography certificates, Microsoft said in a statement.



The cryptographic component CryptoAPI has a function that allows developers to digitally sign their software, proving that the software has not been tampered with.



But the bug may allow attackers to exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source.



The company noted that the user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider.



Microsoft said, 'The security update addresses the vulnerability by ensuring that Windows CryptoAPI completely validates ECC certificates.'



