The aforementioned vulnerability is found in a decades-old Windows cryptographic component, known as CryptoAPI. One function is it allows developers to digitally sign their software, proving that the software has not been tampered with.
This is a departure for the NSA from its past strategy of keeping security flaws under wraps to exploit for its own intelligence needs.
During a press conference on Tuesday, they said the "serious vulnerability" could be used to create malicious software that appeared to be legitimate.