Major Flaw In Microsoft Windows Revealed By NSA

Major Flaw In Microsoft Windows Revealed By NSA

Microsoft patched a severe flaw in Windows 10 after the National Security Agency released a warning urging the company to fix the potentially damaging vulnerability. This comes almost 11 years after the extremely popular operating system was first launched in New York City.

'This is the type of [vulnerability] I am sure the [NSA hackers] would have loved to use for years to come'.

Microsoft's scheduled security update for Windows includes a fix to a potentially risky bug that would allow an attacker to spoof a certificate, making it look like it came from a trusted source.

The U.S. intelligence agency has historically opted to weaponize vulnerabilities discovered in a vendor's software for offensive purposes, mostly notably when it exploited a Microsoft flaw for more than a half-decade by creating a hacking tool called Eternal Blue.

According to the security-centric blog: "Sources tell KrebsOnSecurity that Microsoft Corp.is slated to release a software update on Tuesday to fix an extraordinarily serious security vulnerability in a core cryptographic component present in all versions of Windows". Even the Windows 10 had to wait for almost 4 years before it could surpass the market share of Windows 7. On the plus side, Microsoft has said it will continue pushing out definition updates to MSE (Microsoft Security Essentials) on Windows 7 PCs.

It can hardly have escaped your attention that yesterday was the day Microsoft stopped supporting Windows 7.


Those changes happened after a mysterious group calling itself the "Shadow Brokers" released a trove of high-level hacking tools stolen from the NSA, forcing companies including Microsoft to fix their systems.

That's not a cheap ask, given that Windows 10 Home edition costs £119.99 for a single license, which is valid for one PC. For most users, switching browsers isn't a casual thing, after all.

Meanwhile, those unable to migrate workloads to the cloud are instead advised to move to Microsoft's Windows Server 2019, which carries hybrid capabilities to integrate with Azure, plus Kubernetes support for Windows containers. "We will be able to say more once the patch will be released".

The UK Government Communications Headquarters (GCHQ) has warned people not to use Windows 7 to do internet banking or use e-mails from computers with Windows 7 from Tuesday 14th January. "The notification will remain on the screen until you interact with it", Microsoft says.

If successful, an attacker could then conduct man-in-the-middle attacks and decrypt confidential information, or run malware even in environments using app whitelisting.

Related:

Comments

Latest news

5.2 magnitude natural disaster strikes Puerto Rico, USGS says
Department of Housing and Urban Development (HUD), Politico reported on Wednesday, citing people familiar with the matter. However, just $1.5 billion had been disbursed, leaving many lawmakers and local leaders perplexed.

Abu Dhabi grants US$105m to global renewable energy projects
The project is expected to benefit 5,500 households and allows for large reductions in the import of fossil fuels . The ADFD loan of US$ 15 million will contribute to the construction of a 6 MW solar power plant.

Apple (NASDAQ:AAPL) Given "Buy" Rating at Tigress Financial
The stock has a market cap of $1,370.80 billion, a P/E ratio of 26.39, a P/E/G ratio of 2.26 and a beta of 1.25. C M Bidwell & Associates Ltd. boosted its position in shares of Apple by 339.1% during the second quarter.

BCCI issues fitness updates on Bhuvneshwar Kumar, Prithvi Shaw
India are now playing a three-match ODI series with Australia and the Aaron Finch-led side have gained a 1-0 lead in the series. He played in a Ranji Trophy game earlier this month and during that contest, was withdrawn from the game due to an injury.

Fortnite Ninja Skin: How to Get it and What it Comes With
Fortnite maintenance is expected to last at least an hour and could be longer depending on how much is being done to the game. Ninja got his wish. "I really would like some new skins", Blevins stated on his Mixer stream while in a Duos queue.

Other news