Microsoft will patch Windows 10 after the NSA quietly told it about a major vulnerability


Satya Nadella, chief executive officer of Microsoft Corp., pauses while speaking during a Microsoft product event in New York, U.S., on Wednesday, Oct. 2, 2019.

Mark Kauzlarich | Bloomberg | Getty Images

The National Security Agency alerted Microsoft in recent weeks to a significant issue affecting its Windows 10 operating system, ubiquitous within corporations and among consumers, two senior federal cybersecurity officials told CNBC.

The flaw affected encryption of digital signatures used to authenticate content, including software or files. If exploited, the flaw could allow criminals to send malicious content with fake signatures that make it appear safe. The finding was reported earlier by the Washington Post.

It was unclear how long the NSA knew about the flaw before reporting it to Microsoft. The cooperation, however, is a departure from past interactions between the NSA and major software developers like Microsoft. In the past, the top security agency has kept some major vulnerabilities secret in order to use them as part of the U.S. tech arsenal.

Microsoft did not immediately respond to request for comment.

According to the Post, the NSA said in a Tuesday morning call with cybersecurity experts that Microsoft will report that it had not seen any exploitation of the flaw. The NSA is expected to announce its findings later on Tuesday.

Follow @CNBCtech on Twitter for the latest tech industry news.

Leave a comment

Please Login to comment
Notify of