The officials organization said on Tuesday, Washington DC. The National Security Agency now warned Microsoft to a main fault in its Windows operating system that would let hackers imaginary to be genuine software companies.
On Tuesday Microsoft (MSFT) allowed a software update to speaking the vulnerability, as part of its normal cover release program.
Jeff Jones, senior director at Microsoft, declined to discuss the details of the flaw “to avoid needless danger to customers”.Microsoft said that on Monday evening it was providing advanced kinds of its updates to positive users as part of a special testing program.
The news of the vulnerability and the patch Brian Krebs, was first reported by self-employed reporter who said that Microsoft had provided its cover to the military and key organization before Tuesday’s release.
On Tuesday the company did not reply directly to a request for comment .
Its Decision to Warn Microsoft Instead of Exploiting the Bug for Intelligence Purposes ,and NSA’s Rare Declaration of the Vulnerability. Highlights Threat It Might Be for Business, Customers and government activities around the whole world.
The Department of Homeland Security said that it would issue a statement to civic organizations counseling them to directly install the Microsoft covers on during the call.
The organization said the decision exposes the struggle to build belief with cyber security researchers , this is the first time that it has come forward publicly to do so. The NSA said that, while it has shared info about vulnerability with the private sector in the previous years .
“Part of building sureness is viewing the data,” Anne Neuberger, director of cyber security for the NSA, told reporters on Tuesday. She said the NSA has never allowed itself to be linked to a vulnerability release, because “it is difficult for things to believe that we are taking this seriously. And ensuring that the liabilities can be moderated is a top priority. ”
She said the NSA did not detect any other entity using the bug. The NSA did not use the weakness to feat challengers, The Microsoft as soon as it was exposed the bug was free to added Neuberger.
The function identified as CryptoAPI a flaw concerns a central Windows function that checks the legality of applications and programs, The flaw concerns a central Windows function that checks the legality of applications and programs.
By cooperating this proof functionality, hackers could simply copy “good” software sellers to connect bad software, said Soltani, possibly allowing them to detective on computer operators or keep their devices captive. against payment.
Security expert and former chief technologist at the Federal Trade Commission , said Ashkan Soltani .
“It’s the equal of a building security office that proves characters before allowing a servicer to collect and connect new tools.