The US National Security Agency (NSA) discovered a major flaw in Windows 10 that could have been used by hackers to create malicious software that looked legitimate.
Microsoft has released a patch and said it is now aware of the bug being exploited by hackers.
The issue was made public during an NSA press conference.
It was unclear how long the agency had known about the flaw before disclosing it to Microsoft.
Brian Krebs, the security expert who first reported the revelation, said the software giant sent the patch to US military branches and other high-level users before its broader release. It was, he wrote, "extraordinarily scary."
The problem exists in a major Windows component known as crypt32.dll, a library that gives software developers access to cryptographic functions, including the handling of the digital certificates used to sign software.
It could, in theory, allow a hacker to pass off malicious software as entirely legitimate.
NSA cybersecurity director Anne Neuberger told reporters that the bug "makes trust vulnerable."
She added that the agency decided to make public its involvement in the discovery, at Microsoft's request.
The flaw also affects Windows Server 2016 and 2019, but does not appear to affect older versions of the operating system.
Surrey University security expert Alan Woodward said of the flaw: "It's big because it affects the cryptographic software used by Microsoft operating systems. While there's no evidence that it was exploited by hackers, it's a big threat, because it opens users up to a variety of attacks, so this is not a case of panicking but patching immediately."
"The concern is that once the vulnerability is known in detail, exploits will be produced, and the stragglers who do not patch will be the main targets."