Cybersecurity
Security Agency Discovers Serious Flaw in Microsoft Windows
(Bloomberg) –The National Security Agency alerted Microsoft Corp. that it had found a vulnerability in Windows operating systems that could enable cyber intrusions, according to two people familiar with the matter.
The news comes hours before Microsoft is scheduled to release a security update, which is part of a company practice of disclosing newly found software vulnerabilities in hardware.
There isn’t an active cyber-attack, according to Microsoft.
Anne Neuberger, the NSA’s director of cybersecurity, has scheduled a press briefing on Tuesday, amid an agency push to be more transparent and friction between tech companies and the government in recent years over vulnerability disclosure.
The flaw lies in a part of Windows software known as Crypt32.dll, according to one of the people who requested anonymity because the information isn’t yet public. That file is used by the Windows and Windows Server operating systems — to implement “many of the Certificate and Cryptographic Messaging functions in the CryptoAPI, such as CryptSignMessage” — according to Microsoft. This means that the flaw could affect a broad range of users.
Microsoft has a policy of regularly releasing security updates on the second Tuesday of each month, and this update aligns with that schedule, according to a Monday statement by Jeff Jones, a Senior Director at the company.
“We follow the principles of coordinated vulnerability disclosure (CVD) as the industry best practice to protect our customers from reported security vulnerabilities,” Jones said in the statement. “To prevent unnecessary risk to customers, security researchers and vendors do not discuss the details of reported vulnerabilities before an update is available.”
News of the NSA’s discovery was previously reported by The Washington Post and Krebs on Security, a cybersecurity blog.
-
Uncategorized2 months ago
Oman Oil Marketing Company partners with Ihsaan Association to support its activities
-
Alamaliktistaad Magazines4 weeks ago
Al-iktisaad, October 24
-
OER Magazines4 weeks ago
Signature, October 24
-
Commodities2 months ago
Gold Rangebound as Investors Brace for Key US Economic Data
-
Banking & Finance2 months ago
Apple Pay Officially Launched in Oman
-
Oil & Gas2 months ago
OQEP Appoints United Securities as Liquidity Provider Ahead of Landmark MSX Listing
-
Magazines3 weeks ago
OER, October 24
-
Lifestyle2 months ago
Royal Opera House Muscat Welcomes First Shows of its 2024/25 Season