The decision by the NSA to disclose the vulnerability rather than take advantage of it was unusual and highlighted the seriousness of the problem.
The bug in Microsoft’s CryptoAPI service, which confirms the authenticity of secure web connections, could have left more than 900 million Windows 10 PCs exposed.