Officials announced that the NSA showed a little benevolence by reporting a major vulnerability in Microsoft’s Windows to the company rather than taking advantage of the breach.
This disclosure of a vulnerability is a shift in the paradigm of NSA’s method of using all available hacking tools to spy on rivalries and adversaries. This time, the security agency chose security first before its operational method.
According to NSA’s cybersecurity director, Anne Neuberger,
the decision to turn up vulnerability information shows NSA’s willingness to
share and collaborate with others in different industries. She said NSA is
trying rebuilt trust by sharing data and its findings with the companies
involved. She said NSA immediately reported to Microsoft as soon as the
cybersecurity team discovered the flaw.
Cybersecurity professional, Dmitri Alperovitch, said that
it’s a great move by the NSA to disclose a security breach on Microsoft that
could cause severe havoc when the information enters the wrong hand. He also
stated that this type of flaw is what the NSA has learned to exploit over the
years.
The bug only affects the Windows OS, which is the most commonly used operating system by businesses and the government. On Tuesday, Microsoft updated the vulnerable section and set up a patch for the breach.
The company reported on Monday about its plan to correct the bug within the Windows network. Already, the security update released on Jan 14 has allayed fears about hacking attempts. However, those who have not already made their updates could be more susceptible to attack. So, Microsoft is asking all its customers to update their platform and install all security updates as soon as they can.
A senior director at Microsoft, Jeff Jones, said customers
should try and stay up to date with the latest security patches. Customers
should make sure they install the latest security updates so that they would
not be vulnerable to any cyber attack.
The show of concern about Microsoft’s security could
slightly restore the already foiled image the agency had gained in recent
times. The image was tarnished after it lost control of EternalBlue, a powerful
hacking tool. According to a former NSA agent, using EternalBlue can be
compared to fishing with dynamite, because the agency got a lot of benefits
from the tool.
The hacking tool was developed by the NSA when it exploited some software vulnerability in some Microsoft OS. The agency took advantage of the vulnerability and was generating data for 5 years without informing Microsoft about the vulnerability .
But NSA only informed Microsoft when it discovered that
others have become aware of the vulnerability. After gaining information about
the breach, Microsoft batched it in 2017. About one month after the patch, a
Russian hacking group known as Shadow Brokers exposed NSA and released the tool
the agency used online.
Even after Microsoft patched the vulnerability, North Korean and Russian Hackers were able to take advantage of launch series of attacks. They launched WannaCry and NotPetya which caused a lot of damage to business organizations all over the world.
The NSA has been blamed for grooming EternalBlue, which it could no longer control. Till today, companies are fighting off intrusions and ransomware enabled by EternalBlue. The level of public confidence right now is at its lowest, with all the spying and hacking activities .
EternalBlue was deployed on all types of window systems,
whether the older versions or the latest version. That is the reason its impact
is so devastating. The recent flaw discovered by the NSA would come in handy
for some hackers who are looking to infiltrate some systems using Windows 10.
Microsoft has software that authenticates a website when a
user enters the website. According to NSA, there is a breach in the software
code that does not properly check for authenticity from clients.
According to a former NSA hacker, Jake Williams, hackers who want to exploit the vulnerability of the system and design a weapon that could record keystrokes, passwords, activate microphones, install ransomware , and steal files. However, Microsoft and NSA reportedly said they had not seen any sign of such an attack on the system yet.
legit dump sites cvv bins for sale