Windows 10 Has a Security Flaw So Severe the NSA Disclosed It

Microsoft released a patch for Windows 10 and Server 2016 today after the National Security Agency found and disclosed a serious vulnerability. It’s a rare but not unprecedented tip-off, one that underscores the flaw’s severity—and maybe hints at new priorities for the NSA. The bug is in Windows’ mechanism for confirming the legitimacy of software or establishing secure web connections. If the verification check itself isn’t trustworthy, attackers can exploit that fact to remotely distribute malware or intercept sensitive data.