Four days ago, Microsoft made security patches available to its users to fill a major vulnerability affecting its operating system.
The flaw seemed so serious that it took an NSA intervention for public disclosure. "The vulnerability is so seve[…]re that, exploited, would make platf[concernées]orms fundamentally vulnerable," the US agency said.
This article will also interest you: What do we really know about the BlueKeep security flaw that affects Microsoft's OS?
In practical terms, this vulnerability allowed hackers to make the system believe that malware was valid. This would allow hackers to run malware without the knowledge of Windows users quite easily. It also weakened the protections of some navigations under HTTPS. Given the severity of the security flaw, Windows users were asked not to hang around about the update to be made as soon as possible.
The emergency negligence can be costly. The fix is already Windows users are asked not to defer this operation.
by elsewhere, virtually all government agencies are on their toss to alert like France with Anssi.
The vulnerability was for the most recent versions of Windows including Windows 10, Windows Server 2016 and Windows Server 2019. As mentioned above, the security breach was revealed to Microsoft by the NSA, the U.S. National Security Agency, which considered it important to inform the Mountain view firm. The peculiarity of this disclosure lies in the fact that the U.S. agency tends to keep some of the information relating to security vulnerabilities to itself and use it more on behalf of the United States government, as was denounced by Edward Snowden in the WikiLeaks case. However, it cannot be said at this time that this is the very first signaling made by the NSA to Microsoft. Some see it as an attempt to buy back the U.S. agency.
Indeed, we remember that in 2017, exploiting a security flaw in Windows, a vulnerability already known for a long time, North Korean hackers, it seems, had managed to launch a ransom program that caused one of the greatest damage in the history of computer hacking last decade. We're talking about Wannacry. Prior to that, this loophole was used by the NSA for these espionage operations. It was the same with the hacking wave of the infamous NotPetya, another ransoming program that is wreaking havoc.
Last I heard, Microsoft and the NSA that the security flaw has not yet been used by any hacker computer science.
of the On the French side, the institution State in charge of computer security said "the emergency to implement the update as soon as possible."
However, if since Tuesday the fix is available, it is to be feared that some users as usual will hang around for the update. Which is of course a problem not to be overlooked.
Now access an unlimited number of passwords: