Why do experts value the intelligence of the NSA reporting Windows 10 vulnerabilities?



In January 2020, Microsoft distributed security patches to fix dangerous vulnerabilities affecting hundreds of millions of PCs running Windows 10. According to Microsoft reports , this vulnerability was discovered in Windows API called CryptoAPI , but security experts pointed out that it was `` important point '' especially, `` Reported vulnerability Was the U.S. intelligence agency, the National Security Agency (NSA) . '

Microsoft patches Windows 10 after NSA finds vulnerability

Microsoft patches Windows 10 security flaw discovered by the NSA-The Verge

Microsoft and NSA say a security bug affects millions of Windows 10 computers | TechCrunch

Using one of the features included in CryptoAPI, developers can digitally sign software to prove that the software has not been tampered with. However, when using the vulnerability of CryptoAPI announced by Microsoft this time, it can disguise the digital signature of the content including software and files and make dangerous content appear to be safe.

Microsoft said, `` Since the digital signature looks like a trusted provider, there is no way for the user to know that the file is malicious, '' exploiting vulnerabilities to exploit malicious such as ransomware May be able to run vulnerable software on vulnerable computers. According to

CERT-CC , a vulnerability disclosure center operated by Carnegie Mellon University, in this advisory on vulnerabilities, 'abusing this vulnerability may enable interception or modification of HTTPS or TLS communication.' Pointed out.

by BrianAJackson

On the other hand, security experts are also looking at the vulnerability from another perspective. Satnam Narang, senior research engineer at cybersecurity company Tenable , said, `` Patches for such vulnerabilities are always important in general, but more importantly because the NSA disclosed the vulnerabilities to Microsoft. It has increased in nature. '

The NSA is known to spend a lot of money developing malware and hacking tools, as well as creating tools that enable zero-day attacks without disclosing independently discovered vulnerabilities Is also known.

Clearly the existence of numerous hacking tools developed by the NSA to track hackers in other countries-gigazine

by Ilya Pavlov

The NSA was also strongly accused of knowing that the spread of the world-wide ransomware WannaCry used a vulnerability attack tool called EternalBlue developed by the NSA.

The attack tool `` EternalBlue '' that spreads the ransomware `` WannaCry '' is spreading smoothly-gigazine

by Laurent Peignault

This case that the NSA reported the vulnerability discovered to Microsoft seems to be the NSA's attempt to break away from the past policy of `` hiding the discovered vulnerability and using it for their own activities '' Have been Former NSA hacker Jake Williams asserted, 'This bug is easier for government agencies to use than a typical hacker. It was an ideal vulnerability for man-in-the-middle attacks.' We welcome that the discovered vulnerabilities have been shared with Microsoft, not weaponized.

It is not clear how long it took from the discovery of this vulnerability by the NSA until it was actually notified to Microsoft, but Microsoft told CNBC that `` the vulnerability was actually exploited. I have never done that. '

This is not the first time a government agency has reported a vulnerability to a company, but it is the first time that a vulnerability report has been attributed to the NSA. Security reporter Brian Krebs asserted that the NSA-Microsoft partnership is part of a new initiative to 'make NSA research accessible to software vendors and the public.'

The NSA noted in its independently issued (PDF file) recommendation that the vulnerability is extremely dangerous. 'This vulnerability puts Windows devices at risk of being exposed to a wide range of malicious vectors,' he says.

in Software,   Security, Posted by log1h_ik