- Click to share on Facebook (Opens in a new window)
- Click to share on Twitter (Opens in a new window)
- Click here to share on LinkedIn (Opens in a new window)
- Click to email a friend (Opens in a new window)
Microsoft urges users to update Windows 10 (August 2019) 0:25
Washington (CNN Business) - The US National Security Agency (NSA) recently alerted Microsoft to a major flaw in its Windows operating system, which could allow hackers to impersonate legitimate software companies Agency officials said Tuesday.
Microsoft released a software update on Tuesday to correct the vulnerability, as part of its normal program for launching software fixes .
The news about the vulnerability and the correction were first reported by freelance journalist Brian Krebs, who said Microsoft provided its software solution to key military and infrastructure companies before Tuesday's public launch.
Microsoft said in a statement Monday night that it provides advanced versions of its updates to some users under a special test program. Jeff Jones, senior director of Microsoft, declined to discuss specific details of the failure "to avoid unnecessary risks to customers."
The company did not immediately respond to a request for comment on Tuesday.
READ : Microsoft sends warning: you must update Windows to solve critical security problems (2019)
The NSA's rare announcement about the failure, along with its decision to warn Microsoft instead of exploiting the error for intelligence purposes, underscores the magnitude of the threat it could pose to businesses, consumers and government agencies around the world.
The NSA said that while it has shared vulnerability information with the private sector in the past, this is the first time it has been publicly presented to do so. The Agency said the decision reflects an effort to build trust with cybersecurity researchers.
"Part of building trust is showing the data," Anne Neuberger, director of Cybersecurity for the NSA, told reporters at a conference call on Tuesday. Because the NSA has never allowed it to be linked to a vulnerability disclosure, he said, “it is difficult for entities to trust that we take this seriously. And ensuring that vulnerabilities can be mitigated is an absolute priority. ”
The NSA did not use the vulnerability to exploit rivals, and the flaw was alerted to Microsoft as soon as it was discovered, Neuberger added. She said the NSA has not detected any other entity that uses the fault.
The Department of Homeland Security said in the call that it would issue a newsletter to federal agencies advising them to install Microsoft corrections immediately.
READ : Apple, Google, Microsoft, Dell and Tesla are sued for alleged child labor in the Democratic Republic of the Congo
The flaw refers to a central Windows function that verifies the legitimacy of applications and programs, a feature known as CryptoAPI.
"It is the equivalent of a building security desk that verifies identifications before allowing a contractor to come and install new equipment," said Ashkan Soltani, a security expert and former chief technologist at the Federal Trade Commission.
By compromising that validation function, hackers could pose as "good" software companies to install malicious software, Soltani said, which would allow them to spy on computer users or retain their devices as hostages.
Microsoft