NSA Discovered Critical Windows Flaw and Informed Microsoft

  • The NSA has helped Microsoft fix a highly critical Windows bug instead of keeping it for itself.
  • The problem is a CryptoAPI spoofing vulnerability that can be exploited in multiple ways.
  • Microsoft has released the patches today, so all Windows users are urged to apply them immediately.

The NSA (National Security Agency) has discovered a major flaw in Windows and reported it to Microsoft. This had been rumored over the last couple of days, so we were expecting something significant to be patched in today’s Windows update. What we didn’t expect was for the reporting party to be the NSA, an entity that has in the past preferred to use significant flaws for its own benefit and spying operations. So, this event showcases a shift in how the NSA handles security matters, although it could be just a one-off.

The flaw has been assigned the identifier CVE-2020-0601 and concerns the ability to use cryptography to sign a malicious executable so that the operating system treats it as trusted. This could potentially lead to website rerouting, file theft, microphone activation, keystroke recording, disk wiping, ransomware installation, and anything else nasty you can think of. This is why Microsoft pushed the patch for this bug to branches of the U.S. military before the rest of us got it with today’s update.

Other critical vulnerabilities that have been addressed in this patch are the following:

  • CVE-2020-0603, CVE-2020-0605, CVE-2020-0606, and CVE-2020-0646 – Four remote code execution flaws in the .NET and ASP.NET Core software.
  • CVE-2020-0609 and CVE-2020-0610 – Remote code execution vulnerabilities in the Windows Remote Desktop Protocol Gateway Server.
  • CVE-2020-0611 – Remote code execution flaw in the Windows Remote Desktop Protocol client.
  • CVE-2020-0640 – Memory corruption vulnerability in the Internet Explorer web browser.

Apart from the above, today’s patch also fixes another 41 vulnerabilities that are classified as “important”, so applying the update should be an absolute priority for all Windows users right now. Also, this is the final patch that Windows 7 and Windows Server 2008/2008 R2 users will get.

As for what industry experts have to say about NSA’s decision to share their discovery with Microsoft, here’s what Chris Morales of Vectra told us: “NSA may have reported this flaw to MS because there was a concern that others would find this vulnerability themselves, and it was dangerous enough to warrant remediation instead of weaponizing. Or it just could be the NSA already has enough other methods for compromising a Windows system and doesn’t need it.”

Rick Holland, the Vice President of Digital Shadows, thinks that: “It would be a mistake to think that NSA is changing direction. They will continue to hoard zero-days and leverage them as required to accomplish their objectives.”
