Microsoft Addresses Critical Windows Security Flaw That Was Identified By The US NSA

One can now use the Windows operating system from Microsoft confidently after the United States based software giant said that it had plugged the loophole that was identified in this widely used Windows operating system all across the world. The National Security Agency of the US was the first to alert the company about the flaw in the security system of the operating system and Microsoft has announced it has already made the fix to the threat.

The loophole identified in the Windows operating system could have given a hacker the access to forge digital certificates used by some versions of Windows that is used for authentication and securing of data, Microsoft said. There could have been serious consequences for Windows systems and users is a hacker decided to exploit the flaw.

No evidence that the flaw had previously been abused has been found by them, The NSA and Microsoft both said. However both the organizations also called upon users to deploy the fix by Microsoft as soon as possible to the operating system. Operators of classified networks have been already urged to get the update installed – NSA official Anne Neuberger said and added that everyone else should now “expedite the implementation of the patch.”

This is the first occasion that a public claim of credit has been made by the NSA with regards to prompting a software security update. However on earlier occasions, the agency had alerted companies about flaws and security issues in their products, the NSA said. The aim of such activities by the US NSA was to be able to achieve more transparency among the information security research community, Neuberger said.

“Part of building trust is showing the data,” she told reporters in a call just minutes before the patch went live.

The move was unprecedented, experts said. .

“I have never seen this before,” said Tenable Chief Executive Amit Yoran, who has earlier taken the role of a founding director of the US Computer Emergency Readiness Team. “I cannot think of a single instance where government shared a zero-day with a vendor and took credit for it,” he said in an email reply to the media.

With regards to such vulnerabilities, a balancing act is expected from the NSA.  On an earlier occasion, there was heavy criticism of the agency when it has taken advantage, through its cyberspies, of vulnerabilities in Microsoft products and as it had deployed hacking tools against adversaries while not mentioning anything about it to the Redmond, Washington-based company for a number of years at a stretch.

In 2016, hackers of all stripes had deployed one such tool against targets around the globe after the tool was dramatically leaked to the internet.

While not mentioning anything directly about the controversy s=during her all, Neuberger said that the NSA hoped to be “a good cybersecurity partner.”

“We’re working to evolve our mission,” she said.

(Adapted from JapanToday.com)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s