Skip to main content

Digital Trends may earn a commission when you buy through links on our site. Why trust us?

Microsoft will release a fix for major Windows vulnerability found by the NSA

You may want to update all your Microsoft-related software ASAP. The National Security Agency — yes, the same NSA that Edward Snowden warned us about — reportedly alerted Microsoft that there’s a major flaw in the Windows operating system, a flaw that Microsoft has not confirmed that it’s directly addressed as of yet. Reportedly, it could affect the Windows 10 operating system, and the Windows Server 2016.

First reported by the Washington Post, Microsoft said in a statement to Digital Trends that it is “releasing this month’s update” at 10 a.m. PST on Tuesday, January 14, as part of a “regular Update Tuesday schedule.”

“We follow the principles of coordinated vulnerability disclosure as the industry best practice to protect our customers from reported security vulnerabilities,” Microsoft senior director Jeff Jones said in an email to DT. “To prevent unnecessary risk to customers, security researchers and vendors do not discuss the details of reported vulnerabilities before an update is available.”

The NSA confirmed in a call to journalists this morning that it had alerted Microsoft to the problem, but did not respond to a further request for comment. In a statement released later in the day, the agency confirmed that Microsoft had released “several patches” and they urged everyone to install the updates, as the vulnerability in question was serious.

“NSA contributed to addressing this problem by discovering and characterizing the vulnerability, and then sharing with Microsoft quickly and responsibly,” the statement says. “The company has provided the solution, and now all of us need to adopt it.”

Journalist Brian Krebs reported that there’s been no active exploitation of this soft spot so far, but that apparently some government agencies got an “advance patch” for their systems.

NSA says they discovered the flaw on their own and that Microsoft will report that MS has seen no active exploitation of this vulnerability so far.

— briankrebs (@briankrebs) January 14, 2020

The discovery bares shades of the notorious NSA hacking tool “EternalBlue,” which the NSA used for years to spy on Microsoft systems until the Russians got a hold of it and published it online.

The vulnerability relates to a problem with digital signatures. The code in question reportedly has a flaw in the way it verified digital signatures, which would allow a hacker to potentially duplicate or forge the signature and breach the software from there.

The issue first came to light when security researcher Will Dormann tweeted on Monday that people should definitely update their Microsoft software when an update is available.

I get the impression that people should perhaps pay very close attention to installing tomorrow's Microsoft Patch Tuesday updates in a timely manner. Even more so than others.
I don't know… just call it a hunch?

— Will Dormann (@wdormann) January 13, 2020

This will, apparently, be part of a new initiative at the NSA that Krebs reported will be called “Turn a New Leaf”: an attempt to show a more public-service-y side to the NSA by making its vulnerability research available to the public, eventually.

Editors' Recommendations

Maya Shwayder
I'm a multimedia journalist currently based in New England. I previously worked for DW News/Deutsche Welle as an anchor and…
Installing this crucial Windows 10 update fixes your frame rates in games
A man playing games on the computer, wearing a headset.

Microsoft has released a long-awaited performance fix related to the Game Mode in Windows 10. The update is meant to solve several gaming-related problems that some people have been experiencing since March.

We now know everything that this Windows update includes, and how to install it on your computer.
How to install the new Windows 10 gaming update

Read more
Microsoft warns Windows users of another unpatched printing vulnerability
A digital depiction of a laptop being hacked by a hacker.

Microsoft might have patched PrintNightmare in Windows, but for the second time this month, there's yet another printer-themed vulnerability in the wild.

Just detailed is a new vulnerability in the Windows Print Spooler service that could allow hackers to install programs; view, change, or delete data; and create new accounts on your PC.

Read more
Microsoft has fixed a huge frustration with the Windows 11 system requirements
Windows 11 updates are moving to once a year.

The first beta version of Windows 11 just shipped, and Microsoft is already listening to some feedback from those who are unable to run the new operating system ahead of release. The company just announced it has removed the controversial PC Health Check App that was giving Windows users mixed results on whether they could run Windows 11 or not.

This was mentioned in a Microsoft blog post featuring an update on the Windows 11 system requirements and apology an for the confusion. Per that post, there are a couple of updates if you're hoping to install Windows 11. The updates cover security, reliability, and compatibility.

Read more