The National Security Agency has discovered a major security flaw in Microsoft’s Windows 10 operating system that could let hackers intercept seemingly secure communications, the AP reports. But rather than exploit the flaw for its own intelligence needs, the NSA tipped off Microsoft so that it can fix the system for everyone. Microsoft released a free software patch to fix the flaw Tuesday and credited the intelligence agency for discovering it. The company said it has not seen any evidence that hackers have used the technique. Amit Yoran, CEO of security firm Tenable, said it is “exceptionally rare if not unprecedented” for the US government to share its discovery of such a critical vulnerability with a company.
Yoran, a founding director of the Department of Homeland Security’s computer emergency readiness team, urged all organizations to prioritize patching their systems quickly. An advisory sent by the NSA on Tuesday said “the consequences of not patching the vulnerability are severe and widespread.” Microsoft said an attacker could exploit the vulnerability by spoofing a code-signing certificate so it looked like a file came from a trusted source. Meanwhile, Microsoft said Tuesday it has stopped providing support for Windows 7, meaning no more security patches or updates for the venerable operating system, per CNN. Windows 7 is run by a third of PC users, meaning the new policy will affect hundreds of millions of people.
(Read more National Security Agency stories.)