HT TECH wants to start sending you push notifications. Click allow to subscribe

Explained: Microsoft’s latest patch for millions of Windows users after NSA tip-off

Microsoft scrambled to fix a dangerous security exploit in Windows 10 after an alert by the US’ NSA.

By: HT CORRESPONDENT
Updated on: Jan 15 2020, 13:56 IST
Microsoft issues critical Windows security fix after tipoff from US NSA (Reuters)
Microsoft issues critical Windows security fix after tipoff from US NSA (Reuters)

The US' National Security Agency (NSA) said it had discovered a critical security flaw in Microsoft's Windows operating system. The flaw could have allowed cyber criminals to access users' private information or conduct surveillance. Microsoft said it had already released an update to fix the flaw.

What was the security flaw?

You may be interested in

Mobiles Tablets Laptops
2% OFF
Apple iPhone 15 Pro Max 1TB
  • Black Titanium
  • 8 GB RAM
  • 1 TB Storage
₹196,900₹199,999
Buy now
Apple iPhone 15 512GB
  • Black
  • 6 GB RAM
  • 512 GB Storage
₹109,900
Buy now
28% OFF
Samsung Galaxy S23 Ultra 5G
  • Green
  • 12 GB RAM
  • 256 GB Storage
₹107,999₹149,999
Buy now
9% OFF
Apple iPhone 15 Plus 256GB
  • Black
  • 6 GB RAM
  • 256 GB Storage
₹90,990₹99,900
Buy now
7% OFF
Microsoft Surface Pro 8 8PV 00029
  • Graphite Black
  • 16 GB DDR4 RAM
  • 256 GB SSD
₹139,999₹149,999
Buy now
47% OFF
Microsoft Surface 4 5UI 00049
  • Platinum Silver
  • 8 GB DDR4 RAM
  • 256 GB SSD
₹98,000₹186,500
Buy now
6% OFF
Microsoft Surface Go THH 00023
  • Platinum
  • 8 GB DDR4 RAM
  • 128 GB SSD
₹94,799₹100,999
Buy now
2% OFF
Microsoft Surface Pro 7 Plus TFM 00013
  • Platinum
  • 8 GB RAM
  • 128 GB SSD
₹78,990₹80,999
Buy now
3% OFF
Apple iPad Pro 12 9 2022 WiFi 2TB
  • Silver
  • 16 GB RAM
  • 2 TB Storage
₹216,191₹222,900
Buy now
3% OFF
Apple iPad Pro 11 2022 WiFi 1TB
  • Silver
  • 16 GB RAM
  • 1 TB Storage
₹147,328₹151,900
Buy now
3% OFF
Apple iPad Pro 12 9 2022 WiFi plus Cellular 256GB
  • Silver
  • 8 GB RAM
  • 256 GB Storage
₹133,750₹137,900
Buy now
3% OFF
Apple iPad Pro 11 2022 WiFi plus Cellular 512GB
  • Silver
  • 8 GB RAM
  • 512 GB Storage
₹123,081₹126,900
Buy now

The security exploit was discovered in one of its oldest Windows cryptographic component known as "CryptoAPI."

Also read: Looking for a smartphone? To check mobile finder click here.

"An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider," said Microsoft on its website.

The company said a successful exploit could have also allowed a hacker to launch "man-in-the-middle" attacks and even gain capabilities to decrypt private data on users' connections.

The NSA role

The NSA said it informed Microsoft shortly after the security flaw was discovered. The agency also ensured the company had enough time to release a fix.

The public disclosure of NSA's action on Windows' security exploit is seen as a big change in how the security agency handles such loopholes which otherwise could have allowed it a back-door entry.

The agency used an exploit called "EternalBlue" to conduct surveillance. The tool, however, landed up in hands of cybercriminals who launched global attacks such as NotPetya and WannaCry.

"This is . . . a change in approach . . . by NSA of working to share, working to lean forward and then working to really share the data as part of building trust," Anne Neuberger, director of the NSA's Cybersecurity Directorate told WashingtonPost. "As soon as we learned about [the flaw], we turned it over to Microsoft."

It is worth noting that Apple is currently engaged in another battle with the US authorities over giving an access to the Pensacola shooter's iPhones - similar to the tussle between the two over a shooting case in San Bernardino 2016.

"I do think backdoors are a terrible idea, that is not the way to go about this. We've always said we care about these two things: privacy and public safety. We need some legal and technical solution in our democracy to have both of those be priorities," Microsoft CEO Satya Nadella said earlier this week.

Should you be worried?

Microsoft said it had found no evidence to show that the bug was exploited by cyber criminals. Users, however, are recommended to update their Windows systems at the earliest.

"A security update was released on January 14, 2020 and customers who have already applied the update, or have automatic updates enabled, are already protected. As always we encourage customers to install all security updates as soon as possible," Jeff Jones, senior director at Microsoft is quoted as saying.

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on ,Twitter, Facebook, , and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 15 Jan, 13:45 IST

Sale

Mobiles Tablets Laptops
9% OFF
Apple iPhone 13 512GB
  • Blue
  • 4 GB RAM
  • 512 GB Storage
₹81,900₹89,900
Buy now
9% OFF
Apple iPhone 13 Pro 512GB
  • Gold
  • 6 GB RAM
  • 512 GB Storage
₹81,900₹89,900
Buy now
9% OFF
Apple iPhone 13 Mini 512GB
  • Blue
  • 4 GB RAM
  • 512 GB Storage
₹81,900₹89,900
Buy now
27% OFF
Apple iPhone 12 256GB
  • Black
  • 4 GB RAM
  • 256 GB Storage
₹54,899₹74,900
Buy now
3% OFF
Apple iPad Pro 11 WiFi Cellular 512GB
  • Silver
  • 4 GB RAM
  • 512 GB Storage
₹108,900₹111,900
Buy now
3% OFF
Apple iPad Pro 11 WiFi 512GB
  • Silver
  • 4 GB RAM
  • 512 GB Storage
₹108,900₹111,900
Buy now
3% OFF
Apple iPad Pro 12 9 2021 WiFi plus Cellular 512GB
  • Silver
  • 8 GB RAM
  • 512 GB Storage
₹138,599₹142,900
Buy now
3% OFF
Apple iPad Pro 12 9 2022
  • Silver
  • 8 GB RAM
  • 128 GB Storage
₹124,050₹127,900
Buy now
29% OFF
Infinix INBook X2 Plus XL25 Laptop
  • Grey
  • 8 GB RAM
  • 512 GB SSD
₹38,990₹54,990
Buy now
9% OFF
HP Envy 13 X360 13 ag0035au 5FP71PA Laptop
  • Dark Ash Silver
  • 8 GB RAM
  • 256 GB SSD
₹78,699₹86,507
Buy now
31% OFF
Asus ROG Zephyrus G14 GA401QH HZ077TS Laptop
  • White
  • 8 GB RAM
  • 1 TB SSD
₹94,999₹137,990
Buy now
13% OFF
Lenovo Legion Pro 5 16IRX8 82WK00LPIN Laptop
  • Onyx Grey
  • 32 GB RAM
  • 1 TB SSD
₹135,999₹156,000
Buy now