Microsoft issues critical Windows security fix after tipoff from US NSA | World News - Hindustan Times
close_game
close_game

Microsoft issues critical Windows security fix after tipoff from US NSA

Washington | ByReuters
Jan 15, 2020 06:25 AM IST

Microsoft said the flaw could allow a hacker to forge digital certificates used by some versions of Windows to authenticate and secure data.

Microsoft Corp on Tuesday rolled out an important security fix after the US National Security Agency tipped off the company to a serious flaw in its widely used Windows operating system, officials said.

Microsoft Corp rolled out an important security fix in Windows operating system.(Reuters image)
Microsoft Corp rolled out an important security fix in Windows operating system.(Reuters image)

Microsoft said the flaw could allow a hacker to forge digital certificates used by some versions of Windows to authenticate and secure data. Exploiting the flaw could have potentially serious consequences for Windows systems and users.

Hindustan Times - your fastest source for breaking news! Read now.

The NSA and Microsoft said they had not seen any evidence that the flaw had previously been abused, but both urged Windows users to deploy the update as soon as possible. NSA official Anne Neuberger noted that operators of classified networks had already been prodded to install the update and everyone else should now “expedite the implementation of the patch.”

The Microsoft patch marks the first time the NSA has publicly claimed credit for prompting a software security update, although the agency said it has alerted companies in the past to flaws in their products. Neuberger said the agency was striving for more transparency with the information security research community.

“Part of building trust is showing the data,” she told reporters in a call just minutes before the patch went live.

Experts said the move was unprecedented.

“I have never seen this before,” said Tenable Chief Executive Amit Yoran, who previously served as founding director of the US Computer Emergency Readiness Team.

“I cannot think of a single instance where government shared a zero-day with a vendor and took credit for it,” he said in an email.

The NSA faces a balancing act when it comes across such vulnerabilities. The agency had been criticized after its cyberspies took advantage of vulnerabilities in Microsoft products to deploy hacking tools against adversaries and kept the Redmond, Washington-based company in the dark about it for years.

When one such tool was dramatically leaked to the internet in 2016, it was deployed against targets around the globe by hackers of all stripes.

In the most dramatic case, a group used the tool to unleash a massive malware outbreak dubbed WannaCry in 2017. The data-wiping worm wrought global havoc, affecting what Europol estimated was some 200,000 computers in more than 150 countries.

Neuberger did not directly address that controversy in her call but said that the NSA hoped to be “a good cybersecurity partner.”

“We’re working to evolve our mission,” she said.

Unlock a world of Benefits with HT! From insightful newsletters to real-time news alerts and a personalized news feed – it's all here, just a click away! - Login Now!

Get Latest World News along with Latest News from India at Hindustan Times.
SHARE THIS ARTICLE ON
Share this article
SHARE
Story Saved
Live Score
OPEN APP
Saved Articles
Following
My Reads
Sign out
New Delhi 0C
Thursday, March 28, 2024
Start 14 Days Free Trial Subscribe Now
Follow Us On