NSA alerted Microsoft to major Windows security flaw

Posted Tuesday, 14 January 2020 ‐ CNN

Washington, DC (CNN Business)The National Security Agency recently alerted Microsoft to a major flaw in its Windows operating system that could let hackers pose as legitimate software companies, agency officials said on Tuesday. Microsoft (MSFT) issued a software update on Tuesday to fix the vulnerability, as part of its normal schedule for releasing softwarepatches.News of the vulnerability and patch were first reported by independent journalist Brian Krebs, who said Microsoft provided its software fix to the military and key infrastructure companies ahead of Tuesday's public release. Microsoft said in a statement Monday night that it provides advance versions of its updates to some users under a special testing program. Jeff Jones, a senior director at Microsoft, declined to discuss specifics of the flaw "to prevent unnecessary risk to customers." The company did not immediately respond to a request for comment on Tuesday. The NSA's rare announcement of the flaw, along with its decision to warn Microsoft rather than exploit the bug for intelligence purposes, underscores the magnitude of the threat it could pose to businesses, consumers and government agencies worldwide. The NSA said that, while it has shared vulnerability information with the private sector in the past, this marks the first time that it has come forward publicly to do so. The agency said thedecision reflects an effort to build trust with cybersecurity researchers."Part of building trust is showing the data," Anne Neuberger, the NSA's director of cybersecurity, told reporters on a conference call Tuesday. Because the NSA has never allowed itself to be linked to a vulnerability disclosure, she said, "it's hard for entities to trust that we take this seriously. And ensuring vulnerabilities can be mitigated is an absolute priority."The NSA did not use the vulnerability to exploit adversaries, and the bug was turned over to Microsoft as soon as it was discovered, Neuberger added. She said the NSA has not detected any other entities using the bug.The Department of Homeland Security said on the call that it would issue a bulletin to federal agencies advising them to install the Microsoft patches immediately.The flaw concerns a core Windows function that verifies the legitimacy of apps and programs, a feature known as CryptoAPI. "It's the equivalent of a building security desk checking IDs before permitting a contractor to come up and install new equipment," said Ashkan Soltani, a security expert and former chief technologist for the Federal Trade Commission. By compromising that validation feature, hackers could easily impersonate "good" software companies to install bad software, Soltani said, potentially allowing them to spy on computer users or hold their devices hostage for ransom.

Other articles published by CNN

Posted Monday, 25 May 2020 ‐ CNN

(CNN)Rwanda has introduced robots as part of its fight against coronavirus.With 314 confirmed cases of the virus as of May 22, the East African country has enlisted the help of five anti-epidemic robots to battle the virus. The robots were donated by the ...

Posted Monday, 25 May 2020 ‐ CNN

(CNN)It was a mouth-watering prospect for sports-starved fans everywhere. Four of the greatest athletes the world has ever known, on the golf course at the same time, offering us a glimpse of who they are when they aren't winning Major Championships and...

Posted Monday, 25 May 2020 ‐ CNN

(CNN)A Texas community hit by terrible tragedy months ago came together over the weekend to celebrate a survivor's first birthday.Paul Gilbert Anchondo was two months old when his parents died shielding him from a shooter at an El Paso, Texas, Walmart on ...

Posted Monday, 25 May 2020 ‐ CNN

(CNN)Several members of the graduating class at The Lovett School in Atlanta, Georgia, have tested positive for Covid-19, according to a letter from the school."The school has been notified by several Class of 2020 families that their students have...

Posted Monday, 25 May 2020 ‐ CNN

(CNN)Just when you thought you'd learned how to spell Grimes and Elon Musk's unusual baby name, they've gone and changed it.Earlier this month, Tesla and SpaceX CEO Musk announced the birth of the baby boy in a post on Twitter, revealing his son was...

Posted Monday, 25 May 2020 ‐ CNN

In this weekly column "Cross Exam," Elie Honig, a CNN legal analyst and former federal and state prosecutor, gives his take on the latest legal news. Post your questions below. The views expressed in this commentary are his own. View more opinion on CNN. ...

Posted Monday, 25 May 2020 ‐ CNN

Rome (CNN)"The doctors were shocked. They said they had never seen anything like this," says Valentina Vigilante, recalling the terrifying day her 6-year-old son Nicolò was rushed into intensive care in Bergamo, northern Italy, as he struggled to...

Posted Monday, 25 May 2020 ‐ CNN

(CNN)Vanessa Bryant, wife of the late Kobe Bryant, shared a sweet moment this Memorial Day weekend -- a film of their baby daughter's first steps. In a video posted to Instagram, 11-month-old Capri stumbles across the room for the first time, into the...

Posted Monday, 25 May 2020 ‐ CNN

(CNN)With two barren peaks that rise only about 170 feet above sea level, the now extinct Pūhāhonu volcano in the Northwestern Hawaii Islands doesn't look like much. This is especially true since in the same archipelago, Mauna Loa towers over every...

Posted Monday, 25 May 2020 ‐ CNN

(CNN)Photos and video of Memorial Day weekend celebrations across the US showed plenty of people going to the beach and gathering on boardwalks, but not a lot of people social distancing or wearing masks. From Florida to Indiana and across the country to ...

Posted Monday, 25 May 2020 ‐ CNN

Hong Kong (CNN Business)An online grocery business backed by Asia's richest man is expanding to hundreds of cities across India — a move widely seen as a challenge to Amazon (AMZN) and FlipKart.JioMart, the grocery platform owned by Mukesh Ambani's Jio ...

Posted Monday, 25 May 2020 ‐ CNN

(Kaiser Health News)As states relax coronavirus restrictions, older adults are advised, in most cases, to keep sheltering in place. But for some, the burden of isolation and uncertainty is becoming hard to bear.This "stay at home awhile longer" advice...

Posted Monday, 25 May 2020 ‐ CNN

(CNN)As warm weather sends people outdoors, some are encountering tenacious pests with no respect for social distance. Forget staying 6 feet apart: Ticks go for blood in the hardest-to-reach places on the human body. Many of those ticks are infected with ...

Posted Monday, 25 May 2020 ‐ CNN

(CNN)At a glance, it may look like many Americans have long forgotten about the dangers of coronavirus.Crowds packed beaches in Florida, Maryland, Georgia, Virginia and Indiana over the weekend -- many venturing out without masks and others failing to...

Posted Monday, 25 May 2020 ‐ CNN

(CNN)At first glance, Shelley Allwang's cubicle looks just like any other office space.But alongside a pinboard full of tchotchkes and a photo of her dog, sits a story that reminds Allwang of the importance of her job, now more than ever. "The Boy and...