Major Flaw In Microsoft Windows Revealed By NSA


Microsoft patched a severe flaw in Windows 10 after the National Security Agency released a warning urging the company to fix the potentially damaging vulnerability. This comes almost 11 years after the extremely popular operating system was first launched in New York City.

'This is the type of [vulnerability] I am sure the [NSA hackers] would have loved to use for years to come'.

Microsoft's scheduled security update for Windows includes a fix for a potentially risky bug that would allow an attacker to spoof a certificate, making it look like it came from a trusted source.

The U.S. intelligence agency has historically opted to weaponize vulnerabilities discovered in a vendor's software for offensive purposes, most notably when it exploited a Microsoft flaw for more than a half-decade by creating a hacking tool called Eternal Blue.

According to the security-centric blog: "Sources tell KrebsOnSecurity that Microsoft Corp. is slated to release a software update on Tuesday to fix an extraordinarily serious security vulnerability in a core cryptographic component present in all versions of Windows". Even Windows 10 had to wait almost 4 years before it could surpass the market share of Windows 7. On the plus side, Microsoft has said it will continue pushing out definition updates to MSE (Microsoft Security Essentials) on Windows 7 PCs.

It can hardly have escaped your attention that yesterday was the day Microsoft stopped supporting Windows 7.


Those changes happened after a mysterious group calling itself the "Shadow Brokers" released a trove of high-level hacking tools stolen from the NSA, forcing companies including Microsoft to fix their systems.

That's not a cheap ask, given that Windows 10 Home edition costs £119.99 for a single license, which is valid for one PC. For most users, switching browsers isn't a casual thing, after all.

Meanwhile, those unable to migrate workloads to the cloud are instead advised to move to Microsoft's Windows Server 2019, which carries hybrid capabilities to integrate with Azure, plus Kubernetes support for Windows containers. "We will be able to say more once the patch will be released".

The UK Government Communications Headquarters (GCHQ) has warned people not to use computers running Windows 7 for internet banking or e-mail from Tuesday 14th January. "The notification will remain on the screen until you interact with it", Microsoft says.

If successful, an attacker could then conduct man-in-the-middle attacks and decrypt confidential information, or run malware even in environments using app whitelisting.
