NSA discovered a severe security flaw in Windows 10, Microsoft releases free fix

Another day, another security vulnerability in Microsoft Windows 10. This time, the severe security flaw was found by the U.S. National Security Agency (NSA). The agency reported on its website that it discovered a major security flaw that could let hackers intercept seemingly secure communications in Microsoft’s Windows 10 operating system.

Known for keeping security flaws to its chest, this time the agency tipped off Microsoft so that it can fix the system for everyone. “This vulnerability may not seem flashy, but it is a critical issue. Trust mechanisms are the foundations on which the internet operates – and CVE-2020-0601 permits a sophisticated threat actor to subvert those very foundations,” the agency said.

“NSA contributed to addressing this problem by discovering and characterizing the vulnerability, and then sharing with Microsoft quickly and responsibly. The company has provided the solution, and now all of us need to adopt it,” NSA wrote.

Microsoft immediately released a free software patch to fix the flaw Tuesday and credited the intelligence agency for discovering it. The company said it has not seen any evidence that hackers have used the technique.

Amit Yoran, CEO of security firm Tenable, said it is “exceptionally rare if not unprecedented” for the U.S. government to share its discovery of such a critical vulnerability with a company. Yoran, who was a founding director of the Department of Homeland Security’s computer emergency readiness team, urged all organizations to prioritize patching their systems quickly.