The National Security Agency (NSA) found and notified Microsoft of what it called a serious vulnerability in the company’s Windows 10 operating system that could potentially expose computer users to significant breaches, surveillance or disruption, officials announced Tuesday.
The public disclosure is unlike the NSA’s usual approach of using such flaws to build hacking tools that allow the agency to spy on adversaries’ networks, according to The Washington Post. Rather, officials released a fix.
The NSA discovered an error in the Microsoft code that verifies digital signatures. The flaw could enable a hacker to forge a signature and breach a computer.
“The patch is the only comprehensive means to mitigate the risk,” the NSA’s statement read. “While means exist to detect or prevent some forms of exploitation, none of them are complete or fully reliable.”
Microsoft said it addressed the flaw promptly and released a security update Tuesday. Customers who have already applied the update, or have automatic updates enabled, should be protected.
Microsoft told the Post that it has seen no active exploitation of the flaw.