/National Security: What you need to know about the Microsoft Windows 10 patch
National Security: What you need to know about the Microsoft Windows 10 patch

National Security: What you need to know about the Microsoft Windows 10 patch

National Security:

, USA TODAY
Published 2: 23 p.m. ET Jan. 14, 2020 | Updated 1: 05 p.m. ET Jan. 16, 2020

CLOSE

Microsoft unveiled the Xbox Series X, the next version of its popular Xbox console, will launch during the 2020 holiday season.

USA TODAY

Microsoft has released a patch for its Windows 10 operating system to fix a major vulnerability that could expose users to breaches or surveillance.

The National Security Agency alerted the software giant to the flaw in Windows 10, which is the most widely used operating system.

Organizations and companies running Windows 10 should implement the patch immediately, Anne Neuberger, the director of the NSA’s Cybersecurity Directorate, told reporters Tuesday. The Department of Homeland Security recommended isolating systems that cannot be updated.

Microsoft confirmed that a security update was released Tuesday. It also said that its security software can detect and block malware attempting to exploit the vulnerability. ​ 

“Customers who have already applied the update, or have automatic updates enabled, are already protected,” Jeff Jones, senior director with Microsoft, said in a statement. “As always we encourage customers to install all security updates as soon as possible.”

Iran threat: Inside Iran’s shadowy operations to target you on social media

Iran cyberattack: Risk is up after missile strike on Iraqi military bases with US troops

The NSA and Microsoft said they have not seen any hackers attempt to exploit the flaw.

The NSA’s decision to alert Microsoft rather than using the vulnerability to spy on enemy networks marked a shift for the agency. Neuberger said the shift was “a recognition of what the mission needs at this point in time.”

Microsoft says the flaw was in the digital signatures used to determine if software is authentic, one of the ways that software makers work to prevent malware or spyware cloaked as legitimate software. The NSA discovered a mistake in how Microsoft verified signatures, which hackers could have exploited. 

“This vulnerability is one example of our partnership with the security research community where a vulnerability was privately disclosed and an update released to ensure customers were not put at risk,” Microsoft said.

Nominate, Commemorate, Celebrate: Who inspires you? USA TODAY seeks your Women of the Century to commemorate 19th Amendment

Rep. Jim Langevin, D-R.I., a senior member of the House Committees on Homeland Security and Armed Services and the co-founder and co-chair of the Congressional Cybersecurity Caucus, applauded the partnership.

“When government researchers discover a vulnerability in a widely used commercial product, the bias must be toward disclosure,” he said in a statement.

Read or Share this story: https://www.usatoday.com/story/tech/2020/01/14/microsoft-windows-10-patch-alert-nsa-major-flaw-needs-quick-fix/4466688002/

Original Source

Leave a reply

Your email address will not be published. Required fields are marked *