NSA alerted Microsoft to major Windows 10 security flaw

Posted: Jan 14, 2020 12:28 PM
Updated: Jan 15, 2020 7:15 PM

The National Security Agency recently alerted Microsoft to a major flaw in its Windows operating system that could let hackers pose as legitimate software companies, agency officials said on Tuesday.

Microsoft issued a software update on Tuesday to fix the vulnerability, as part of its normal schedule for releasing software patches.

News of the vulnerability and patch was first reported by independent journalist Brian Krebs, who said Microsoft provided its software fix to the military and key infrastructure companies ahead of Tuesday's public release.

Microsoft said in a statement Monday night that it provides advance versions of its updates to some users under a special testing program. Jeff Jones, a senior director at Microsoft, declined to discuss specifics of the flaw 'to prevent unnecessary risk to customers.'

The company did not immediately respond to a request for comment on Tuesday.

The NSA's rare announcement of the flaw, along with its decision to warn Microsoft rather than exploit the bug for intelligence purposes, underscores the magnitude of the threat it could pose to businesses, consumers and government agencies worldwide.

The NSA said that, while it has shared vulnerability information with the private sector in the past, this marks the first time that it has come forward publicly to do so. The agency said the decision reflects an effort to build trust with cybersecurity researchers.

'Part of building trust is showing the data,' Anne Neuberger, the NSA's director of cybersecurity, told reporters on a conference call Tuesday. Because the NSA has never allowed itself to be linked to a vulnerability disclosure, she said, 'it's hard for entities to trust that we take this seriously. And ensuring vulnerabilities can be mitigated is an absolute priority.'

The NSA did not use the vulnerability to exploit adversaries, and the bug was turned over to Microsoft as soon as it was discovered, Neuberger added. She said the NSA has not detected any other entities using the bug.

The Department of Homeland Security said on the call that it would issue a bulletin to federal agencies advising them to install the Microsoft patches immediately.

The flaw concerns a core Windows function that verifies the legitimacy of apps and programs, a feature known as CryptoAPI.

'It's the equivalent of a building security desk checking IDs before permitting a contractor to come up and install new equipment,' said Ashkan Soltani, a security expert and former chief technologist for the Federal Trade Commission.

By compromising that validation feature, hackers could easily impersonate 'good' software companies to install bad software, Soltani said, potentially allowing them to spy on computer users or hold their devices hostage for ransom.
