In what appears to be a first for the agency, the NSA disclosed a significant Windows 10 security issue to Microsoft rather than weaponizing it and turning it into a tool to spy on people. This is apparently the kind of bug that would allow the agency to target unsuspecting citizens with tools that could extract information from their computers. It’s also the kind of security issues that hackers affiliated with other nations or working alone could use for their own nefarious purposes. Microsoft has already patched the flaw, and you should install the latest Windows 10 update as soon as you get it.
The bug the NSA disclosed concerns a security feature that could impact any Windows 10 user browsing the web. When a user logs onto a website, the browser checks the authenticity of the site, but Microsoft’s software contains an error that fails to properly authenticate a website.
Hackers would be able to exploit the bug and create cyber weapons that would reroute users to malicious sites. The security issue would apparently let them steal data, install malicious apps, and even wipe disks clean. They could also activate microphones and record keystrokes, The Washington Post explains.
As dangerous as it may sound, the now-patched security issue hasn’t been exploited. That doesn’t mean hackers won’t try to replicate the NSA’s findings and come up with attacks that might still hit those Windows 10 users who don’t update regularly.
Even so, the National Security Agency’s action deserves some recognition. It might be a PR move, as the NSA is looking to regain your trust after previous indiscretions, but it’s still laudable. The NSA did disclose bugs to Microsoft in the past, although it did it quietly, not to raise any alarms.
“This is . . . a change in approach . . . by NSA of working to share, working to lean forward and then working to really share the data as part of building trust,” director of the NSA’s Cybersecurity Directorate Anne Neuberger told The Post. “As soon as we learned about [the flaw], we turned it over to Microsoft.”
That doesn’t mean the NSA will walk away from all software security flaws that it might discover in the future, especially the kind that would give it backdoors in software. Still, the Agency might choose to share more bugs with software developers faster than before. After all, the NSA did lose control of a previous Windows flaw a few years ago, which allowed foreign hackers to wreak havoc with sophisticated malware attacks — we’ve covered EternalBlue, NotPetya, and WannaCry extensively a couple of years ago.