Microsoft rolls out Windows 10 security patch after NSA revealed flaw that could be used for malicious software

January 15, 2020

Microsoft is rolling out a security fix to Windows 10 after the US National Security Agency (NSA) warned the popular operating system contained a highly dangerous flaw that could be used by hackers. Reporting the vulnerability represents a departure for the NSA from its past strategy of keeping security flaws under wraps to exploit for its own intelligence needs.

According to the guardian report, the NSA revealed during a press conference on Tuesday that the “serious vulnerability” could be used to create malicious software that appeared to be legitimate. The flaw “makes trust vulnerable”, the NSA director of cybersecurity, Anne Neuberger, said in a briefing call to media on Tuesday.

If the vulnerability had been successfully exploited, an attacker would have been able to conduct “man-in-the-middle attacks” and decrypt confidential information on user connections to the affected software, Microsoft said.

Microsoft said it had not seen any evidence that hackers had used the technique discovered by the NSA.

“Customers who have already applied the update, or have automatic updates enabled, are already protected,” said Jeff Jones, a senior director at Microsoft, in a statement.

The vulnerability has a broad reach: as of 2017, Windows 10 was used on 400m computers.

The Washington Post reported on Tuesday that the NSA had discovered the flaw in recent weeks and alerted Microsoft to the problem. The issue was announced on Microsoft’s January “Patch Tuesday”, the second Tuesday of each month, when the company typically releases security improvements for operating systems and other software.

More about the story here