Explained: Microsoft’s latest patch for millions of Windows users after NSA tip-off | HT Tech

Explained: Microsoft’s latest patch for millions of Windows users after NSA tip-off

Microsoft scrambled to fix a dangerous security exploit in Windows 10 after an alert by the US’ NSA.

By: HT CORRESPONDENT
| Updated on: Jan 15 2020, 13:56 IST
Microsoft issues critical Windows security fix after tipoff from US NSA
Microsoft issues critical Windows security fix after tipoff from US NSA (Reuters)

The US' National Security Agency (NSA) said it had discovered a critical security flaw in Microsoft's Windows operating system. The flaw could have allowed cyber criminals to access users' private information or conduct surveillance. Microsoft said it had already released an update to fix the flaw.

What was the security flaw?

You may be interested in

MobilesTablets Laptops
2% OFF
Apple iPhone 15 Pro Max 1TB
  • Black Titanium
  • 8 GB RAM
  • 1 TB Storage
Apple iPhone 15 512GB
  • Black
  • 6 GB RAM
  • 512 GB Storage
28% OFF
Samsung Galaxy S23 Ultra 5G
  • Green
  • 12 GB RAM
  • 256 GB Storage
9% OFF
Apple iPhone 15 Plus 256GB
  • Black
  • 6 GB RAM
  • 256 GB Storage

The security exploit was discovered in one of its oldest Windows cryptographic component known as "CryptoAPI."

Also read
Looking for a smartphone? To check mobile finder click here.

"An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider," said Microsoft on its website.

The company said a successful exploit could have also allowed a hacker to launch "man-in-the-middle" attacks and even gain capabilities to decrypt private data on users' connections.

The NSA role

The NSA said it informed Microsoft shortly after the security flaw was discovered. The agency also ensured the company had enough time to release a fix.

The agency used an exploit called "EternalBlue" to conduct surveillance. The tool, however, landed up in hands of cybercriminals who launched global attacks such as NotPetya and WannaCry.

"This is . . . a change in approach . . . by NSA of working to share, working to lean forward and then working to really share the data as part of building trust," Anne Neuberger, director of the NSA's Cybersecurity Directorate told WashingtonPost. "As soon as we learned about [the flaw], we turned it over to Microsoft."

It is worth noting that Apple is currently engaged in another battle with the US authorities over giving an access to the Pensacola shooter's iPhones - similar to the tussle between the two over a shooting case in San Bernardino 2016.

"I do think backdoors are a terrible idea, that is not the way to go about this. We've always said we care about these two things: privacy and public safety. We need some legal and technical solution in our democracy to have both of those be priorities," Microsoft CEO Satya Nadella said earlier this week.

Should you be worried?

Microsoft said it had found no evidence to show that the bug was exploited by cyber criminals. Users, however, are recommended to update their Windows systems at the earliest.

"A security update was released on January 14, 2020 and customers who have already applied the update, or have automatic updates enabled, are already protected. As always we encourage customers to install all security updates as soon as possible," Jeff Jones, senior director at Microsoft is quoted as saying.

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 15 Jan, 13:45 IST
NEXT ARTICLE BEGINS