NSA Finds Major Security Flaw in Windows 10, Free Fix Issued

The National Security Agency has discovered a major security flaw in Microsoft’s Windows 10 operating system that could let hackers intercept seemingly secure communications.

But rather than exploit the flaw for its own intelligence needs, the NSA tipped off Microsoft so that it can fix the system for everyone.

Microsoft released a free software patch to fix the flaw Tuesday and credited the intelligence agency for discovering it. The company said it has not seen any evidence that hackers have used the technique.

Amit Yoran, CEO of security firm Tenable, said it is “exceptionally rare if not unprecedented” for the U.S. government to share its discovery of such a critical vulnerability with a company.

Yoran, who was a founding director of the Department of Homeland Security’s computer emergency readiness team, urged all organizations to prioritize patching their systems quickly.

An advisory sent by the NSA on Tuesday said “the consequences of not patching the vulnerability are severe and widespread.

Microsoft said an attacker could exploit the vulnerability by spoofing a code-signing certificate so it looked like a file came from a trusted source.

“The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider,” the company said.

If successfully exploited, attackers would have been able to conduct “man-in-the-middle attacks” and decrypt confidential information they intercept on user connections, the company said.

“The biggest risk is to secure communications,” said Adam Meyers, vice president of intelligence for security firm CrowdStrike.

Some computers will get the fix automatically, if they have the automatic update option turned on. Others can get it manually by going to Windows Update in the computer’s settings.

Microsoft typically releases security and other updates once a month and waited until Tuesday to disclose the flaw and the NSA’s involvement. Microsoft and the NSA both declined to say when the agency privately notified the company.

The agency shared the vulnerability with Microsoft “quickly and responsibly,” Neal Ziring, technical director of the NSA’s cybersecurity directorate, said in a blog post Tuesday.

Priscilla Moriuchi, who retired from the NSA in 2017 after running its East Asia and Pacific operations, said this is a good example of the “constructive role” that the NSA can play in improving global information security. Moriuchi, now an analyst at the U.S. cybersecurity firm Recorded Future, said it’s likely a reflection of changes made in 2017 to how the U.S. determines whether to disclose a major vulnerability or exploit it for intelligence purposes.

The revamping of what’s known as the “Vulnerability Equities Process” put more emphasis on disclosing vulnerabilities whenever possible to protect core internet systems and the U.S. economy and general public.

Those changes happened after a mysterious group calling itself the “Shadow Brokers” released a trove of high-level hacking tools stolen from the NSA, forcing companies including Microsoft to repair their systems. The U.S. believes that North Korea and Russia were able to capitalize on those stolen hacking tools to unleash devastating global cyberattacks.

‹

Big Tech is Paying Millions to Train Teachers on AI, in a Push to Bring Chatbots Into Classrooms

Microsoft, OpenAI and Anthropic are providing millions of dollars for AI training to the American Federation of Teachers, the country’s second-largest teachers union.

On Air Today: Rebecca Tippett of Carolina Demography

Carolina Demography's Rebecca Tippett joins 97.9 The Hill's Brighton McConnell to discuss the 2021 county population estimates recently shared by the U.S. Census Bureau.

Microsoft Exchange Hack Caused by China, US and Allies Say

Written by ERIC TUCKER The Biden administration and Western allies formally blamed China on Monday for a massive hack of Microsoft Exchange email server software and accused Beijing of working with criminal hackers in ransomware attacks and other cyber operations. The announcements, though not accompanied by sanctions against the Chinese government, were intended as a forceful condemnation […]

Boat Builder Buying NC Company, Seeks To Create 500 New Jobs

The world’s largest fishing and recreational boat builder on Thursday announced its acquisition of North Carolina-based Hatteras Yachts, with plans to upgrade Hatteras operations in New Bern as White River Marine Group seeks to boost saltwater vessel sales. WRMG, a subsidiary of the company that operates Bass Pro Shops and Cabela’s, aims to create 500 […]

North Carolina Unemployment Rate Falls to 5.2% In March

North Carolina’s unemployment rate fell sharply in March, state officials announced on Friday, as the number of people holding jobs grew by over 11,000 compared to the month before. The seasonally adjusted jobless rate decreased from 5.7% in February to 5.2%, the state Commerce Department said in a news release, marking sixth consecutive month of […]

Chapel Hill Fire Dept. Seeks New Recruits Amid Growing Community Need

Chapel Hill Fire is currently looking to add more firefighters to their department as several vacancies open up and the community’s need for service grows.

U.S. Employers Add 916,000 Jobs in March as Hiring Accelerates

Written by CHRISTOPHER RUGABER America’s employers unleashed a burst of hiring in March, adding 916,000 jobs in a sign that a sustained recovery from the pandemic recession is taking hold as vaccinations accelerate, stimulus checks flow through the economy and businesses increasingly reopen. The March increase — the most since August — was nearly double February’s […]

97.9 The Hill's Staff Picks: Alternate Universe Jobs Edition

Welcome to the sixth edition of 97.9 The Hill’s Staff Picks. This time, read on as your favorite staffers discuss the following prompt: What job would I fulfill if I didn’t work at 97.9 The Hill? You got that right – if for some reason the universe didn’t lead all of us to our home here […]

Orange County Needs Census Workers, Cautions Against Scams

The 2020 Census is about a month away and local government remains hard at work to make sure everyone gets counted. The census determines how $675 billion dollars of federal funding gets distributed. The U.S. Census Bureau has counted the countries’ population every 10 years since 1790. The money that North Carolina gets from federal […]

NSA Finds Major Security Flaw in Windows 10, Free Fix Issued

The National Security Agency has discovered a major security flaw in Microsoft’s Windows 10 operating system that could let hackers intercept seemingly secure communications. But rather than exploit the flaw for its own intelligence needs, the NSA tipped off Microsoft so that it can fix the system for everyone. Microsoft released a free software patch […]

›