NSA finds major security flaw in Windows 10, free fix issued

But rather than exploit the flaw for its own intelligence needs, the NSA tipped off Microsoft so that it can fix the system for everyone.

Microsoft released a free software patch to fix the flaw Tuesday and credited the agency for discovering it. The company said it has not seen any evidence that hackers have used the technique discovered by the NSA.

Amit Yoran, CEO of security firm Tenable, said it is "exceptionally rare if not unprecedented" for the U.S. government to share its discovery of such a critical vulnerability with a company.

Yoran, who was a founding director of the Department of Homeland Security's computer emergency readiness team, urged all organizations to prioritize patching their systems quickly.

An advisory sent by the NSA on Tuesday said "the consequences of not patching the vulnerability are severe and widespread."

Microsoft said an attacker could exploit the vulnerability by spoofing a code-signing certificate so it looked like a file came from a trusted source.

"The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider," the company said.

If successfully exploited, an attacker would have been able to conduct "man-in-the-middle attacks" and decrypt confidential information on user connections, the company said.

Some computers will get the fix automatically if they have the automatic update option turned on. Others can get it manually by going to Windows Update in the computer's settings.

Microsoft typically releases security and other updates once a month and waited until Tuesday to disclose the flaw and the NSA's involvement. Microsoft and the NSA both declined to say when the agency notified the company.

The agency shared the vulnerability with Microsoft "quickly and responsibly," Neal Ziring, technical director of the NSA's cybersecurity directorate, said in a blog post Tuesday.

Priscilla Moriuchi, who retired from the NSA in 2017 after running its East Asia and Pacific operations, said this is a good example of the "constructive role" that the NSA can play in improving global information security. Moriuchi, now an analyst at the U.S. cybersecurity firm Recorded Future, said it's likely a reflection of changes made in 2017 to how the U.S. determines whether to disclose a major vulnerability or exploit it for intelligence purposes.

The revamping of what's known as the "Vulnerability Equities Process" put more emphasis on disclosing unpatched vulnerabilities whenever possible to protect core internet systems and the U.S. economy and general public.

Website search

Recently updated

EG Anti Virus EG Anti Virus Antivirus application with password protection, multiple scan modes, quarantine, data security tools, encrypted notes, and file cleaner
ESET Internet Security (Smart Security) ESET Internet Security (Smart Security) Eset's complete security solution against viruses, spyware, worms and other kinds of malware, backed by a personal firewall, anti-spam, anti-theft and parental control, among other modules
ESET NOD32 Antivirus ESET NOD32 Antivirus Anti-malware software solution with optimal default configuration for rookies and extensive set of customization settings for experts

Software News

Jan 24
The headlines on many tech-watching sites this week amounted to one big whaaat? An anti-tracking feature in Apple's Safari browser was actually exposing private browsing habits, according to researchers outside Apple. This ...
Jan 23
Tinder announced Thursday that US users would soon have a "panic button" to alert authorities to potentially dangerous situations as part of a stepped up safety initiative by the popular dating app.
Jan 23
Android is all up in the clouds, just where Canonical thought it could be, in working up its service called Anbox Cloud, announced earlier this week.
Jan 21
Three WordPress plugins have been picking up quite the glare of attention this month after researchers found serious vulnerabilities in them-and the numbers are sobering, in that these plugins have been installed on more ...
Jan 20
Teaching online video game players to save lives, not take them-that is the aim of a new product developed in an unusual collaboration between the creators of the wildly popular Fortnite games and the International Committee ...
Jan 17
Researchers from Dartmouth and the Massachusetts Institute of Technology (MIT) have developed an original approach to flight scheduling that, if implemented, could result in a significant increase in profits for airlines ...
Jan 15
The National Security Agency has discovered a major security flaw in Microsoft's Windows 10 operating system that could allow hackers to intercept seemingly secure communications.

About us

Welcome to new crack resource CrackDownloadz.com! Our service can generate cracks, keygens and serials for your software to unlock it. CrackDownloadz provides a lot of popular cracks and keygens. No spyware and adware at all, just download new cracks, keygens and serials. If you have a software that needs a crack feel free to contact us.

Also you may contact us if you have software that needs to be removed from our website.