NSA finds major security flaw in Windows 10, free fix issued

But rather than exploit the flaw for its own intelligence needs, the NSA tipped off Microsoft so that it can fix the system for everyone.

Microsoft released a free software patch to fix the flaw Tuesday and credited the agency for discovering it. The company said it has not seen any evidence that hackers have used the technique discovered by the NSA.

Amit Yoran, CEO of security firm Tenable, said it is "exceptionally rare if not unprecedented" for the U.S. government to share its discovery of such a critical vulnerability with a company.

Yoran, who was a founding director of the Department of Homeland Security's computer emergency readiness team, urged all organizations to prioritize patching their systems quickly.

An advisory sent by the NSA on Tuesday said "the consequences of not patching the vulnerability are severe and widespread."

Microsoft said an attacker could exploit the vulnerability by spoofing a code-signing certificate so it looked like a file came from a trusted source.

"The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider," the company said.

If successfully exploited, an attacker would have been able to conduct "man-in-the-middle attacks" and decrypt confidential information on user connections, the company said.

Some computers will get the fix automatically if they have the automatic update option turned on. Others can get it manually by going to Windows Update in the computer's settings.

Microsoft typically releases security and other updates once a month and waited until Tuesday to disclose the flaw and the NSA's involvement. Microsoft and the NSA both declined to say when the agency notified the company.

The agency shared the vulnerability with Microsoft "quickly and responsibly," Neal Ziring, technical director of the NSA's cybersecurity directorate, said in a blog post Tuesday.

Priscilla Moriuchi, who retired from the NSA in 2017 after running its East Asia and Pacific operations, said this is a good example of the "constructive role" that the NSA can play in improving global information security. Moriuchi, now an analyst at the U.S. cybersecurity firm Recorded Future, said it's likely a reflection of changes made in 2017 to how the U.S. determines whether to disclose a major vulnerability or exploit it for intelligence purposes.

The revamping of what's known as the "Vulnerability Equities Process" put more emphasis on disclosing unpatched vulnerabilities whenever possible to protect core internet systems and the U.S. economy and general public.

Website search

Recently updated

ACT Key Crack Plus Keygen ACT Key Crack & Activation Code Recover passwords for ACT! files
OneNote Password Recovery Key Crack + Activator Download 2020 OneNote Password Recovery Key Crack + Serial Number A password recovery tool that is designed to retrieve passphrases for MS OneNote files by using a combination of various attacks
P2 Commander Crack + Activator Download P2 Commander Crack With License Key 2020 A reliable and effective solution that helps you to perform comprehensive digital forensic examinations and deleted data recovery

Software News

Jul 2
NOVID, a contact tracing app that anonymously traces users' exposure to COVID-19, is the first such app in the world to demonstrate the distance accuracy required to perform contact tracing without significant false positives. ...
Jul 1
The technology company Red Hat said Tuesday that it would take measures to remove contentious terms like "master/slave" from its source code and other areas, in an effort to make its products more inclusive.
Jun 30
It's hard to believe in this age of computer viruses, phishing attacks, ransomware, trojan horses, denial-of-service attacks and keystroke logging that there was once a time before the Internet when just about the only worry ...
Jun 29
Cybersickness, or motion sickness during the use of virtual reality, can be a major roadblock to the development and adoption of augmented and virtual reality technology. Now researchers at UTSA have built GingerVR, the first ...
Jun 24
The UK's coronavirus contact tracing app has been kicked into the long grass, with the government now saying it isn't a priority and may not be ready until winter. The app-which has so far cost nearly £12 million - was ...
Jun 23
Sword fights are often the weak link in virtual reality (VR) fighting games, with digital avatars engaging in battle using imprecise, pre-recorded movements that barely reflect the player's actions or intentions. Now a team ...
Jun 23
As players embark on the third season of "Fortnite" launching last week, some players have noticed the absence of police cars.

About us

Welcome to new crack resource CrackDownloadz.com! Our service can generate cracks, keygens and serials for your software to unlock it. CrackDownloadz provides a lot of popular cracks and keygens. No spyware and adware at all, just download new cracks, keygens and serials. If you have a software that needs a crack feel free to contact us.

Also you may contact us if you have software that needs to be removed from our website.