Announcement

Collapse
No announcement yet.

Microsoft to patch NSA reported vulnerability

Collapse
X
Collapse
  •  

  • Microsoft to patch NSA reported vulnerability


    https://www.tomsguide.com/news/micro...-tuesday-jan20




     




    I first saw this reported on CNBC of all places.  According to that report, which I can’t seem to link, it was interesting because the NSA does not normally report vulnerabilities it finds.  It’s possible this is old news.






    pasting the body copy from the CNBC article because it’s all I can link.  It’s apparently confirmed at least as to the subject by the tomsguide article.  I can’t speak to the accuracy of either myself.




    Quote





    Microsoft will patch Windows 10 after the NSA quietly told it about a major vulnerability




    Microsoft will release a patch Tuesday for a significant flaw in the Windows operating system, according to intelligence officials and a report.




    The National Security Agency told Microsoft about the flaw.




    The cooperation is somewhat of a departure. In the past the NSA has kept some flaws secret to use them as part of the U.S. tech arsenal. 




    The National Security Agency alerted Microsoft in recent weeks to a significant issue affecting its Windows 10 operating system, ubiquitous within corporations and among consumers, two senior federal cybersecurity officials told CNBC.




    The flaw affected encryption of digital signatures used to authenticate content, including software or files. If exploited, the flaw could allow criminals to send malicious content with fake signatures that make it appear safe. The finding was reported earlier by the Washington Post.




    It was unclear how long the NSA knew about the flaw before reporting it to Microsoft. The cooperation, however, is a departure from past interactions between the NSA and major software developers like Microsoft. In the past, the top security agency has kept some major vulnerabilities secret in order to use them as part of the U.S. tech arsenal.




    Microsoft did not immediately respond to request for comment.




    According to the Post, the NSA said in a Tuesday morning call with cybersecurity experts that Microsoft will report that it had not seen any exploitation of the flaw. The NSA is expected to announce its findings later on Tuesday.




    Follow @CNBCtech on Twitter for the latest tech industry news.






     



    More...
      Posting comments is disabled.

    Categories

    Collapse

    Article Tags

    Collapse

    Latest Articles

    Collapse

    Working...
    X