Skip to main content

Digital Trends may earn a commission when you buy through links on our site. Why trust us?

Microsoft will release a fix for major Windows vulnerability found by the NSA

You may want to update all your Microsoft-related software ASAP. The National Security Agency — yes, the same NSA that Edward Snowden warned us about — reportedly alerted Microsoft that there’s a major flaw in the Windows operating system, a flaw that Microsoft has not confirmed that it’s directly addressed as of yet. Reportedly, it could affect the Windows 10 operating system, and the Windows Server 2016.

First reported by the Washington Post, Microsoft said in a statement to Digital Trends that it is “releasing this month’s update” at 10 a.m. PST on Tuesday, January 14, as part of a “regular Update Tuesday schedule.”

“We follow the principles of coordinated vulnerability disclosure as the industry best practice to protect our customers from reported security vulnerabilities,” Microsoft senior director Jeff Jones said in an email to DT. “To prevent unnecessary risk to customers, security researchers and vendors do not discuss the details of reported vulnerabilities before an update is available.”

The NSA confirmed in a call to journalists this morning that it had alerted Microsoft to the problem, but did not respond to a further request for comment. In a statement released later in the day, the agency confirmed that Microsoft had released “several patches” and they urged everyone to install the updates, as the vulnerability in question was serious.

“NSA contributed to addressing this problem by discovering and characterizing the vulnerability, and then sharing with Microsoft quickly and responsibly,” the statement says. “The company has provided the solution, and now all of us need to adopt it.”

Journalist Brian Krebs reported that there’s been no active exploitation of this soft spot so far, but that apparently some government agencies got an “advance patch” for their systems.

NSA says they discovered the flaw on their own and that Microsoft will report that MS has seen no active exploitation of this vulnerability so far.

— briankrebs (@briankrebs) January 14, 2020

The discovery bares shades of the notorious NSA hacking tool “EternalBlue,” which the NSA used for years to spy on Microsoft systems until the Russians got a hold of it and published it online.

The vulnerability relates to a problem with digital signatures. The code in question reportedly has a flaw in the way it verified digital signatures, which would allow a hacker to potentially duplicate or forge the signature and breach the software from there.

The issue first came to light when security researcher Will Dormann tweeted on Monday that people should definitely update their Microsoft software when an update is available.

I get the impression that people should perhaps pay very close attention to installing tomorrow's Microsoft Patch Tuesday updates in a timely manner. Even more so than others.
I don't know… just call it a hunch?

— Will Dormann (@wdormann) January 13, 2020

This will, apparently, be part of a new initiative at the NSA that Krebs reported will be called “Turn a New Leaf”: an attempt to show a more public-service-y side to the NSA by making its vulnerability research available to the public, eventually.

Editors' Recommendations

Maya Shwayder
I'm a multimedia journalist currently based in New England. I previously worked for DW News/Deutsche Welle as an anchor and…
Alt+Tab broken by Windows 10 update? Here’s how to fix it
Alt + Tab on Windows 10.

Alt + Tab is a reliable friend to many PC gamers, serving as one of the most useful shortcuts in Windows 10. However, a recent Windows 10 update seems to have broken the shortcut for some users. According to Windows Latest, switching between a game and the desktop will essentially lock some users to the desktop, preventing them from using Alt + Tab to get back into the game.

It seems like the issue applies to two Windows 10 updates. The first rolled out on July 29 (KB5004296), and users started posting about issues on Reddit immediately after its release. "Literally every ful-screen game that I try to play keeps getting minimized. I have done all the steps from various Google searches that have this issue, but I think the issue is this new update," one user wrote.

Read more
Installing this crucial Windows 10 update fixes your frame rates in games
A man playing games on the computer, wearing a headset.

Microsoft has released a long-awaited performance fix related to the Game Mode in Windows 10. The update is meant to solve several gaming-related problems that some people have been experiencing since March.

We now know everything that this Windows update includes, and how to install it on your computer.
How to install the new Windows 10 gaming update

Read more
Microsoft warns Windows users of another unpatched printing vulnerability
A digital depiction of a laptop being hacked by a hacker.

Microsoft might have patched PrintNightmare in Windows, but for the second time this month, there's yet another printer-themed vulnerability in the wild.

Just detailed is a new vulnerability in the Windows Print Spooler service that could allow hackers to install programs; view, change, or delete data; and create new accounts on your PC.

Read more