NSA Reveals Crucial Flaw in Microsoft’s Windows 10 Operating System
The US National Security Agency, otherwise known as the NSA, has discovered what the BBC is describing as a “major flaw” in the Windows 10 operating system, it has been revealed.
According to the BBC’s report, the NSA revealed in a press conference that Microsoft’s operating software, used by tens, if not hundreds of millions around the globe, contained a flaw that, according to the report, “could have been used by hackers to create malicious software that looked legitimate.”
What’s not known at this stage, however, is how long ago the NSA contacted Microsoft behind closed doors to explain the scope and potential for danger the flaw presented. The NSA’s director, Anne Neuberger, did, however, tell reporters that the flaw “makes trust vulnerable,” adding that the NSA elected to make its involvement in resolving the issue public at the request of Microsoft.
“It could, in theory, have allowed a hacker to pass off a piece of malicious software as being entirely legitimate.” - BBC News
The BBC is writing that “Brian Krebs, the security expert who first reported on the revelation, said the software giant had sent the patch to branches of the US military and other high-level users ahead of its wider release. It was, he wrote, ‘extraordinarily scary.’”
According to Brian Krebs’s website, KrebsOnSecurity, “sources tell… that Microsoft Corp. is slated to release a software update on Tuesday to fix an extraordinarily serious security vulnerability in a core cryptographic component present in all versions of Windows.”
According to his reporting, it seems as though Microsoft was conducting some sort of damage control, with Krebs stating that “those sources say Microsoft has quietly shipped a patch for the bug to branches of the US military and to other high-value customers/targets that manage key internet infrastructure, and that those organisations have been asked to sign agreements preventing them from disclosing details of the flaw prior to January 14th, the first patch Tuesday of 2020.”
He continues to explain that “a critical vulnerability in this Windows component could have wide-ranging security implications for a number of important Windows functions, including authentication on Windows desktops and servers, the protection of sensitive data handled by Microsoft’s Internet Explorer/Edge browsers, as well as a number of third-party applications.”
According to the BBC’s reporting, “the problem exists in a core component of Windows known as crypt32.dll, a program that allows software developers to access various functions, such as digital certificates which are used to sign software.”
The BBC’s report also quotes Professor Alan Woodward, a security expert at Surrey University, who said that “it’s big because it affects the core cryptographic software used by Microsoft operating systems. Although there is no evidence that it has been exploited by hackers, it is a major threat as it lays users open to a range of attacks, so this is a case of don’t panic but apply the patch straight away.”
“The concern is that as soon as the vulnerability is known about in detail, exploits will be produced and the laggards who don’t patch will be prime targets.”