NSA tips off Microsoft to security flaw | TheHill – The Hill

The National Security Agency (NSA) found and notified Microsoft of what it called a serious vulnerability inthe company's Windows 10 operating system that could potentially expose computer users to significant breaches, surveillance or disruption, officials announced Tuesday.

The public disclosure is unlike the NSA's usual approach of using such flaws to build hacking toolsthat allow the agency to spy on adversaries networks, according to The Washington Post. Rather, officials released a fix.

This is ... a change in approach ... by NSA of working to share, working to lean forward, and then working to really share the data as part of building trust, Anne Neuberger, director of the NSAs Cybersecurity Directorate, which was launched in October, told the Post.

The NSA discovered an error in the Microsoft code that verifies digital signatures, which could enable a hacker to forge the signature and breach a computer.

The patch is the only comprehensive means to mitigate the risk, the NSA's statement read. While means exist to detect or prevent some forms of exploitation, none of them are complete or fully reliable.

Microsoft said it addressed the flaw promptly andreleased a security updateTuesday. Customers who have already applied the update, or have automatic updates enabled, should be protected.

Microsoft told the Post that it has seen no active exploitation of the flaw.

Link:

NSA tips off Microsoft to security flaw | TheHill - The Hill

Related Posts

Comments are closed.