Technology 2 min read

NSA Discovers Major Security flaw in Microsoft's Windows 10

The U.S. National Security Agency just discovered a security flaw in Microsoft's Windows 10 OS. Make sure to install the latest security patch!

charnsitr / Shutterstock.com

charnsitr / Shutterstock.com

The United State‘s National Security Agency recently found a significant security flaw in its operating system, Windows 10. As you may have guessed, the vulnerability could enable hackers to intercept user information.

Although the government agency could have exploited the flaw for its intelligence needs, it chose to report it to Microsoft. That way, the tech company was able to release a software patch to fix its system.

The NSA‘s transparency came as a surprise to a few security experts. CEO of a security firm, Tenable, Amit Yoran, pointed out that It’s “exceptionally rare if not unprecedented” for the agency to share its discovery of such a critical vulnerability with a company.

But, Yoran also stated that companies must patch their systems quickly. Similarly, the NSA released an advisory on Tuesday, which reads: “the consequences of not patching the vulnerability are severe and widespread.”

Meanwhile, Microsoft already issued a solution.

A Free Software Patch to Fix the Security Flaw

On Tuesday, Microsoft released a software patch to fix the vulnerability in its operating system.

Aside from crediting the NSA for discovering the flaw, the tech giant also reassured its users. Microsoft says that there’s no evidence that hackers have exploited the security vulnerability yet.

According to the Windows maker, an attacker that wants to exploit the security flaw would have to spoof a code-signing certificate. That way, it’ll look like a file came from a trusted source.

The company said:

“The user would have no way of knowing the file was malicious because the digital signature would appear to be from a trusted provider.”

Microsoft further explained that a successful exploit would enable the hacker to perform a “man-in-the-middle attacks.” The attacker would be able to decrypt confidential information on user connection, says the company.

Some computers with automatic update option turned on will get the software patch automatically. However, others may perform a manual update through their computer settings.

The U.S. recently revamped what’s known as the Vulnerability Equities Process. That means organizations are obliged to disclose unpatched vulnerabilities whenever possible to protect core internet systems, the U.S. economy, and the general public.

Read More: Researchers Uncover Major TikTok Security Flaws

First AI Web Content Optimization Platform Just for Writers

Found this article interesting?

Let Sumbo Bello know how much you appreciate this article by clicking the heart icon and by sharing this article on social media.


Profile Image

Sumbo Bello

Sumbo Bello is a creative writer who enjoys creating data-driven content for news sites. In his spare time, he plays basketball and listens to Coldplay.

Comments (0)
Least Recent least recent
You
share Scroll to top

Link Copied Successfully

Sign in

Sign in to access your personalized homepage, follow authors and topics you love, and clap for stories that matter to you.

Sign in with Google Sign in with Facebook

By using our site you agree to our privacy policy.