NSA alerted Microsoft to major Windows security flaw

Posted Tuesday, 14 January 2020 ‐ CNN

Washington, DC (CNN Business) The National Security Agency recently alerted Microsoft to a major flaw in its Windows operating system that could let hackers pose as legitimate software companies, agency officials said on Tuesday.

Microsoft (MSFT) issued a software update on Tuesday to fix the vulnerability, as part of its normal schedule for releasing software patches.

News of the vulnerability and patch was first reported by independent journalist Brian Krebs, who said Microsoft provided its software fix to the military and key infrastructure companies ahead of Tuesday's public release. Microsoft said in a statement Monday night that it provides advance versions of its updates to some users under a special testing program. Jeff Jones, a senior director at Microsoft, declined to discuss specifics of the flaw "to prevent unnecessary risk to customers." The company did not immediately respond to a request for comment on Tuesday.

The NSA's rare announcement of the flaw, along with its decision to warn Microsoft rather than exploit the bug for intelligence purposes, underscores the magnitude of the threat it could pose to businesses, consumers and government agencies worldwide.

The NSA said that, while it has shared vulnerability information with the private sector in the past, this marks the first time that it has come forward publicly to do so. The agency said the decision reflects an effort to build trust with cybersecurity researchers.

"Part of building trust is showing the data," Anne Neuberger, the NSA's director of cybersecurity, told reporters on a conference call Tuesday. Because the NSA has never allowed itself to be linked to a vulnerability disclosure, she said, "it's hard for entities to trust that we take this seriously. And ensuring vulnerabilities can be mitigated is an absolute priority."

The NSA did not use the vulnerability to exploit adversaries, and the bug was turned over to Microsoft as soon as it was discovered, Neuberger added. She said the NSA has not detected any other entities using the bug.

The Department of Homeland Security said on the call that it would issue a bulletin to federal agencies advising them to install the Microsoft patches immediately.

The flaw concerns a core Windows function that verifies the legitimacy of apps and programs, a feature known as CryptoAPI. "It's the equivalent of a building security desk checking IDs before permitting a contractor to come up and install new equipment," said Ashkan Soltani, a security expert and former chief technologist for the Federal Trade Commission. By compromising that validation feature, hackers could easily impersonate "good" software companies to install bad software, Soltani said, potentially allowing them to spy on computer users or hold their devices hostage for ransom.
