The US National Security Agency (NSA) has found a massive security flaw in Microsoft's Windows 10 operating system. According to recent reports, the issue was serious enough that it could give cybercriminals a window to intercept seemingly secure communications.
After receiving the notification from the NSA, Microsoft rushed to fix the flaw and later released a statement clarifying that it had not seen any evidence that hackers have used the technique.
The Windows vulnerability
On the subject of Windows, it should be mentioned that the company has finally announced the end of support for Windows 7, the popular OS that debuted in 2009 and continues to run on millions of devices around the world. Windows 7 users have been receiving notifications for over a year.
The tech company is also encouraging its customers to update Windows 10 by offering a free year of post-retirement updates to users of the discontinued version with active Windows 10 subscriptions. Meanwhile, the news of the vulnerability shocked many users.
As per the NSA advisory, "The consequences of not patching the vulnerability are severe and widespread. Remote exploitation tools will likely be made quickly and widely available. The rapid adoption of the patch is the only known mitigation at this time and should be the primary focus for all network owners."
Microsoft said that a cybercriminal can exploit the vulnerability by spoofing a code-signing certificate to make a file look as if it came from a trusted source. It also said that Windows users would have no way of knowing that those files were malicious, as the digital signature would appear to be from a trusted source.
Had the flaw been exploited, hackers could also have easily initiated "man-in-the-middle attacks," a type of spying attack, and decrypted confidential information intercepted on user connections. Some Windows computers will receive the fix automatically if they have the automatic update option turned on, while others can get it manually by updating Windows in the computer's settings.
NSA played a key role
The technical director of the NSA's cybersecurity directorate, Neal Ziring, said in a blog post that the agency shared the vulnerability with the tech company quickly after detecting the flaw. Priscilla Moriuchi, who retired from the NSA in 2017, mentioned that this is a good example of the "constructive role" that the agency can play in terms of improving global information security.