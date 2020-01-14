NSA Discovers Flaw in MICROSOFT Windows…

Posted by | Jan 14, 2020 | | 0 |

NSA Discovers Flaw in MICROSOFT Windows…
https://tracking.feedpress.it/link/20202/13155148

Sponsored Links

REUTERS/Lucy Nicholson

The IT world is waiting on pins and needles today for a high-profile Microsoft Windows 10 security patch, and now we know why. The US National Security Agency (NSA) discovered a serious flaw in Windows 10 that could expose users to surveillance or serious data breaches, according to the Washington Post. That was backed by Krebs on Security, which reported that the NSA confirmed that it did find a major vulnerability that it passed on to Microsoft.

In the past, the NSA might have kept the security hole to itself, using it to spy on adversaries. The best examples of that are WannaCry and EternalBlue, Windows 10 vulnerabilities discovered and exploited by the NSA for years. The agency developed hacking tools to exploit those holes, but some of them were uncovered and released by a suspected Russian hacking group called Shadow Brokers. EternalBlue is still used to this day on unpatched systems for ransomware, theft and other types of attacks.

The NSA confirmed that the vulnerability affects Windows 10 and Windows Server 2016. It said that it flagged the dangerous bug because it “makes trust vulnerable.” However, it wouldn’t say when it found the flaw and declined to discuss it further until Microsoft released a patch.

According to Krebs, the vulnerability was found in a Windows component called crypt32.dll, which handles “certificate and cryptographic messaging functions,” according to Microsoft. An exploit in that area could affect authentication on Windows desktops and servers, sensitive data on Microsoft’s Internet Explorer and Edge browsers and many third-party applications. Hackers could also use it to spoof digital signatures, making malware look like a legitimate app.

A software patch was released earlier to critical Windows 10 clients including the US military and managers of key internet infrastructure. Microsoft has since released updates for all customers, urging them to install them “as quickly as practical.” As Krebs notes, the company rated the exploitability of the vulnerability as 1 — the second most severe in Microsoft’s rating system. Again, the company confirmed it has not yet been exploited, but is still a major security issue.

Update 1:15PM ET: Microsoft has issued patches for Windows 10 and both Windows Server 2016 and 2019. This post has been updated to reflect this new info.

Source: Washington Post, Krebs on Security
In this article: flaw, gear, microsoft, National Security Agency, NSA, patch, security, vulnerability, Windows 10
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
958 Shares
Share
Tweet
Share
Save
You Might Like
Learn more about RevenueStripe...

Rate:

About The Author

-NO AUTHOR-

Related Posts

Stock markets gained $17 trillion in value in 2019…

Stock markets gained $17 trillion in value in 2019…

December 25, 2019

French Unions Keep Pressure on Macron With New Round of Protests…

French Unions Keep Pressure on Macron With New Round of Protests…

December 28, 2019

Data on 267 million users exposed…

Data on 267 million users exposed…

December 20, 2019

'I would have won'…

'I would have won'…

December 31, 2019

RSS Sponsored Campaigns

  • The House Freedom Fund. Effective, Vetted, Conservative Candidates, Who Will Hold To Your Principles! June 27, 2019
    Fellow Conservative: Change in Washington means changing the people we send there, and that means electing courageous freedom fighters who will stand up to the liberals in Congress and support President Trump. House Freedom Fund has identified six priority candidates who need your support now. These candidates have proven records of fighting for less government and more […]
  • Glenn Beck Launches “Real Estate Agents I Trust” May 15, 2019
    CauseACTION is pleased to support Glenn Beck's launch of "Real Estate Agents I Trust". Glenn's network of dedicated, trustworthy Real Estate Agents are here to help you with one of the most important investments in your life. Visit this post to get started and be assured of a great, professional moving experience.

Sponsored

Subscribe to Clarion News

Treat yourself to current Conservative News and Commentary conveniently delivered all in one site, right to your computer doorstep.

More Topics

Learn more about RevenueStripe...

More

Learn more about RevenueStripe...
Learn more about RevenueStripe...

Learn more about RevenueStripe...
Learn more about RevenueStripe...