The vulnerability lies in CryptoAPI, a cryptographic component of Windows created decades ago that is used in Windows 10 and Windows Server 2016. More specifically, it lies in the part of that component that lets software developers put their official digital signature on their product, assuring users that it is legitimate. When exploited, the bug allows an attacker to forge such a signature on a piece of malware, so that the malware appears to come from a trusted software provider.
“The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider,” Microsoft said.