NSA Reports Major Windows 10 Flaw to Microsoft, Patch Coming Today

It’s “Patch Tuesday” for Microsoft, and this is an important one. Not only is this the end of the road for Windows 7, but Microsoft is releasing a major fix for Windows 10 thanks to the National Security Agency (NSA). The NSA reportedly uncovered a serious flaw in Windows 10, and it took the unusual but welcome step of telling Microsoft about it.

Despite its name, the NSA is not aimed at improving security for the general public. Its goal of gathering intelligence and monitoring national communication networks is not served by patching vulnerabilities when it can weaponize them instead. That’s why, traditionally, the NSA keeps these security holes a secret so it can use them against targets.

The vulnerability affects the way Windows 10 verifies digital signatures. That could allow a malicious software package to masquerade as a legitimate installer without tripping any alarms. Thus, someone could leverage the bug to remotely install malware and give it access to the entire system. From the NSA’s perspective, that’s a useful tool for cyberespionage, provided your target is using Windows 10. There’s a reasonable chance they will be, considering Windows 10 is the most popular desktop operating system in the world.

The new Windows 10 flaw is similar to EternalBlue, which fueled the WannaCry ransomware.

People briefed on the matter liken this vulnerability to EternalBlue, a flaw that affected most versions of Windows until 2017. The NSA used EternalBlue to break into computers for five years, but then the tool found its way into the hands of other organizations. As a result, EternalBlue fueled major malware campaigns like the WannaCry and NotPetya ransomware outbreaks. While the new vulnerability isn’t as severe as EternalBlue (it only affects Windows 10), it could allow for similar attacks if it ever got out. Perhaps that’s why the NSA opted to alert Microsoft instead of trying to weaponize the flaw.

Microsoft should release the patch today for all Windows 10 users. We also expect a statement on the vulnerability, urging everyone to update as soon as possible. While it’s better that the NSA disclosed the flaw to Microsoft, it could still serve as the basis for online attacks if users don’t update their systems. The NSA claims there are no currently active exploits online that use this vulnerability, but that could change in an instant.
