Computer safety
Microsoft Windows 10 patch fixes vulnerability.
Microsoft has released a patch for its Windows 10 operating system to fix a major vulnerability that could expose users to breaches or surveillance.
The National Security Agency alerted the software giant to the flaw in Windows 10, which is the most widely used operating system.
Organizations and companies running Windows 10 should implement the patch immediately, Anne Neuberger, the director of the NSA’s Cybersecurity Directorate, told reporters Tuesday.
The Department of Homeland Security recommended isolating systems that cannot be updated.
Microsoft confirmed that a security update was released Tuesday. It also said that its security software can detect and block malware attempting to exploit the vulnerability.
“Customers who have already applied the update, or have automatic updates enabled, are already protected,” Jeff Jones, senior director with Microsoft, said in a statement. “As always we encourage customers to install all security updates as soon as possible.”
The NSA and Microsoft said they have not seen any hackers attempt to exploit the flaw.
The NSA’s decision to alert Microsoft rather than using the vulnerability to spy on enemy networks marked a shift for the agency.
Neuberger said the shift was “a recognition of what the mission needs at this point in time.”
Microsoft says the flaw was in the digital signatures used to determine if software is authentic, one of the ways that software makers work to prevent malware or spyware cloaked as legitimate software. The NSA discovered a mistake in how Microsoft verified signatures, which hackers could have exploited.