NSA alerted Microsoft to major Windows 10 security flaw

The National Security Agency recently alerted Microsoft to a major flaw in its Windows operating system that could let hackers pose as legitimate software co...

Posted: Jan 14, 2020 6:28 PM
Updated: Jan 15, 2020 10:15 PM

The National Security Agency recently alerted Microsoft to a major flaw in its Windows operating system that could let hackers pose as legitimate software companies, agency officials said on Tuesday.

Microsoft issued a software update on Tuesday to fix the vulnerability, as part of its normal schedule for releasing software patches.

News of the vulnerability and patch were first reported by independent journalist Brian Krebs, who said Microsoft provided its software fix to the military and key infrastructure companies ahead of Tuesday's public release.

Microsoft said in a statement Monday night that it provides advance versions of its updates to some users under a special testing program. Jeff Jones, a senior director at Microsoft, declined to discuss specifics of the flaw 'to prevent unnecessary risk to customers.'

The company did not immediately respond to a request for comment on Tuesday.

The NSA's rare announcement of the flaw, along with its decision to warn Microsoft rather than exploit the bug for intelligence purposes, underscores the magnitude of the threat it could pose to businesses, consumers and government agencies worldwide.

The NSA said that, while it has shared vulnerability information with the private sector in the past, this marks the first time that it has come forward publicly to do so. The agency said the decision reflects an effort to build trust with cybersecurity researchers.

'Part of building trust is showing the data,' Anne Neuberger, the NSA's director of cybersecurity, told reporters on a conference call Tuesday. Because the NSA has never allowed itself to be linked to a vulnerability disclosure, she said, 'it's hard for entities to trust that we take this seriously. And ensuring vulnerabilities can be mitigated is an absolute priority.'

The NSA did not use the vulnerability to exploit adversaries, and the bug was turned over to Microsoft as soon as it was discovered, Neuberger added. She said the NSA has not detected any other entities using the bug.

The Department of Homeland Security said on the call that it would issue a bulletin to federal agencies advising them to install the Microsoft patches immediately.

The flaw concerns a core Windows function that verifies the legitimacy of apps and programs, a feature known as CryptoAPI.

'It's the equivalent of a building security desk checking IDs before permitting a contractor to come up and install new equipment,' said Ashkan Soltani, a security expert and former chief technologist for the Federal Trade Commission.

By compromising that validation feature, hackers could easily impersonate 'good' software companies to install bad software, Soltani said, potentially allowing them to spy on computer users or hold their devices hostage for ransom.

Indiana Coronavirus Cases

Data is updated nightly.

Cases: 768624

Reported Deaths: 13993
CountyCasesDeaths
Marion1055891807
Lake569801031
Allen43032699
St. Joseph37344568
Hamilton37335426
Elkhart29783470
Tippecanoe23503230
Vanderburgh23240405
Porter19580327
Johnson18843392
Hendricks18089323
Madison13575347
Clark13552198
Vigo12869256
LaPorte12578225
Monroe12575178
Delaware11155198
Howard10693237
Kosciusko9792124
Hancock8761150
Bartholomew8274157
Warrick8084157
Floyd8043182
Grant7378181
Wayne7239201
Boone7211105
Morgan6924143
Marshall6345117
Dubois6283118
Cass6096112
Dearborn602178
Noble600890
Henry5958111
Jackson517277
Shelby511598
Lawrence4928127
Gibson463696
Montgomery459292
DeKalb456785
Clinton456055
Harrison454077
Huntington417882
Whitley416745
Steuben411260
Miami406073
Jasper401655
Knox388691
Putnam385762
Wabash370384
Adams353856
Ripley351971
Jefferson343487
White340154
Daviess3089100
Wells304081
Greene295185
Decatur292693
Fayette286564
Posey282635
Scott281058
LaGrange277772
Clay274949
Washington254637
Randolph247783
Jennings239749
Spencer238731
Fountain235850
Starke229959
Owen222959
Sullivan221643
Fulton208945
Jay203032
Carroll197722
Orange191756
Perry189939
Vermillion181144
Rush177627
Tipton173347
Franklin172535
Parke155916
Pike142534
Blackford138032
Pulaski123748
Newton123336
Benton109715
Brown106243
Crawford105816
Martin92515
Warren87915
Switzerland8378
Union73610
Ohio58411
Unassigned0429

Ohio Coronavirus Cases

Data is updated nightly.

Cases: 1125420

Reported Deaths: 20490
CountyCasesDeaths
Franklin1305631493
Cuyahoga1173952263
Hamilton825481261
Montgomery536581062
Summit489381014
Lucas43799834
Butler40064614
Stark33876939
Lorain26072510
Warren24959312
Mahoning22738613
Lake21482396
Clermont20425261
Delaware19169138
Licking16879227
Trumbull16829492
Fairfield16825207
Medina15880276
Greene15565254
Clark14366308
Portage13450218
Wood13358201
Allen12064245
Richland11748213
Miami11047228
Wayne9275228
Columbiana9216236
Muskingum9144137
Pickaway8755123
Tuscarawas8724255
Marion8716140
Erie8146166
Ashtabula7280179
Hancock7050135
Ross7031165
Geauga6975153
Scioto6726108
Belmont6224179
Lawrence5964104
Union591649
Jefferson5729162
Huron5644122
Sandusky5498130
Darke5448131
Seneca5380128
Washington5373111
Athens527260
Auglaize507787
Mercer491785
Shelby484397
Knox4621113
Madison448066
Ashland446198
Defiance439499
Fulton436875
Putnam4358104
Crawford4120111
Brown410462
Preble3956107
Logan392279
Clinton391466
Ottawa376481
Highland366668
Williams357378
Champaign349860
Guernsey331554
Jackson321954
Perry299050
Morrow294943
Fayette289350
Hardin279665
Henry277467
Coshocton273061
Holmes2726102
Van Wert252365
Gallia251150
Adams250958
Pike244837
Wyandot235557
Hocking222963
Carroll201449
Paulding180142
Meigs151540
Monroe137945
Noble137939
Harrison115438
Morgan111724
Vinton87517
Unassigned04
Fort Wayne
Partly Cloudy
84° wxIcon
Hi: 85° Lo: 71°
Feels Like: 90°
Angola
Mostly Cloudy
81° wxIcon
Hi: 82° Lo: 70°
Feels Like: 85°
Huntington
Cloudy
82° wxIcon
Hi: 85° Lo: 72°
Feels Like: 87°
Decatur
Partly Cloudy
84° wxIcon
Hi: 85° Lo: 73°
Feels Like: 90°
Van Wert
Partly Cloudy
84° wxIcon
Hi: 86° Lo: 73°
Feels Like: 89°
Cooler and drier air settles in across the region to round out the work week.
WFFT Radar
WFFT Temperatures
WFFT National

Community Events