In an unprecedented for secret Service move, the National Security Agency (NSA) of the U.S. -the great overhearer- publicly revealed that it found a serious security loophole in Microsoft’s Windows 10 operating system, which could be exploited by hackers or other malicious agents.
Normally you would expect-after the revelations of Edward Snowden- the NSA to shut down the ”backdoor” and use it appropriately for its own benefit. After all, she has previously been accused of having exploited several ”holes” in Microsoft’s products to ”hack” target computers without ever informing the company. And unfortunately later some of these cyber-spying ”tools” fell into the hands of normal hackers.
Microsoft has already rushed to widely release a ”patch” for the problem, while earlier it had sent the security upgrade to the U.S. Army and other ”sensitive” graded users.
The NSA revealed the security gap during a press conference, but did not specify how long it knew about it before disclosing it to Microsoft. The agency argued that in the past it had warned companies about similar problems, but in a discreet way.
The problem -which also affects Windows Server 2016 and 2019, but not earlier versions of Windows- exists in the Windows 10 crypt32. dll program, which allows developers to access various functions, such as digital certificates used to certify software programs. Theoretically, the security gap allows a hacker to camouflages malicious software as legitimate and reliable.
NSA cyber security director Anne Newberger said the Secret Service decided to disclose its involvement in the issue at Microsoft’s request, according to the BBC and Reuters agency.
So far, according to the NSA and Microsoft, there is no evidence that any hacker has exploited the security gap (for the NSA itself, no one can ever be sure…).
Chris Morales, chief analyst at the cyber security company Vectra, told the ”Financial Times ”
”It may well be that the NSA already has other methods of breaching a Windows system, so it simply did not need the new security gap.”