The National Security Agency (NSA) has reportedly alerted Microsoft that there’s a major flaw in the Windows operating system and this vulnerability could affect the Windows 10 operating system, and the Windows Server 2016.
Microsoft has neither confirmed nor report that this flaw raised has been addressed but Microsoft senior director Jeff Jones released a statement:
“We follow the principles of coordinated vulnerability disclosure as the industry best practice to protect our customers from reported security vulnerabilities and to prevent unnecessary risk to customers, security researchers and vendors do not discuss the details of reported vulnerabilities before an update is available.”
Furthermore, later in the day, NSA released a statement and confirmed that Microsoft had released several patches and urged everyone to install the updates, as the vulnerability in question was a very serious issue that should not be looked down on.
The statement further stated that “NSA contributed to addressing this problem by discovering and characterizing the vulnerability, and then sharing with Microsoft quickly and responsibly”.
Finally, the statement reads “The company has provided the solution, and now all of us need to adopt it.”
In other development, Brian Krebs reported that “so far, there has been no active report/exploitation of this vulnerability.”
According to NSA, the vulnerability detected relates to a problem with digital signatures and the code in question reportedly has a flaw in the way it verified digital signatures, which gives hackers the leverage to potentially duplicate or forge the signature and hack the software from the spot.
The issue became more pronounced when on Monday Will Dormann tweeted that people should definitely update their Microsoft software when an update is available or risk being hacked.
Brain Krebs further stated that “This will, apparently, be part of a new initiative at the NSA will be pushing and it’s called “Turn a New Leaf”.”
Finally, Kreb also said that “this is also an attempt to show a more public-service-y side to the NSA by making its vulnerability research available to the public.”
Featured Image: theverge
Don’t miss important articles during the week. Subscribe to cfamedia weekly newsletter for updates.