NSA Discovers Major Security flaw in Microsoft's Windows 10

The United State‘s National Security Agency recently found a significant security flaw in its operating system, Windows 10. As you may have guessed, the vulnerability could enable hackers to intercept user information.

Although the government agency could have exploited the flaw for its intelligence needs, it chose to report it to Microsoft. That way, the tech company was able to release a software patch to fix its system.

The NSA‘s transparency came as a surprise to a few security experts. CEO of a security firm, Tenable, Amit Yoran, pointed out that It’s “exceptionally rare if not unprecedented” for the agency to share its discovery of such a critical vulnerability with a company.

But, Yoran also stated that companies must patch their systems quickly. Similarly, the NSA released an advisory on Tuesday, which reads: “the consequences of not patching the vulnerability are severe and widespread.”

Meanwhile, Microsoft already issued a solution.

A Free Software Patch to Fix the Security Flaw

On Tuesday, Microsoft released a software patch to fix the vulnerability in its operating system.

Aside from crediting the NSA for discovering the flaw, the tech giant also reassured its users. Microsoft says that there’s no evidence that hackers have exploited the security vulnerability yet.

According to the Windows maker, an attacker that wants to exploit the security flaw would have to spoof a code-signing certificate. That way, it’ll look like a file came from a trusted source.

The company said:

“The user would have no way of knowing the file was malicious because the digital signature would appear to be from a trusted provider.”

Microsoft further explained that a successful exploit would enable the hacker to perform a “man-in-the-middle attacks.” The attacker would be able to decrypt confidential information on user connection, says the company.

Some computers with automatic update option turned on will get the software patch automatically. However, others may perform a manual update through their computer settings.

The U.S. recently revamped what’s known as the Vulnerability Equities Process. That means organizations are obliged to disclose unpatched vulnerabilities whenever possible to protect core internet systems, the U.S. economy, and the general public.