REDMOND, Washington, USA (AP) – The US National Security Agency has detected a serious security flaw in Microsoft’s Windows system, the company said Tuesday.
–
On Tuesday, Microsoft offered a way to repair the fault and thanked the agency for discovering it.
The company said it has not seen any indication that hackers have taken advantage of the hole.
The company said the problem affected Windows 10, the latest version of its operating system. He added that an aggressor could exploit that vulnerability by mimicking a code signing certification to make it appear that the file came from a reliable source.
“The user would have no way of knowing that the file was malicious because the digital signature would apparently come from a reliable provider,” he said.
An aggressor able to take advantage of the failure could have made “intermediary attacks” and decode confidential information on user connections to the affected programs, the company said.
Some computers will automatically get the free update if they have that option on. Others can do it manually.
Priscilla Moriuchi, who retired from the National Security Agency (NSA) in 2017 after leading her department in East Asia and the Pacific, described what happened as an example of the “constructive role” that entity can play in strengthening cybersecurity to world level
Moriuchi, today an analyst at the company Recorded Future, estimated that it is a reflection of the changes adopted in 2017 on ways in which the United States decides whether to reveal a technological flaw or take advantage of it for its intelligence purposes.
–
