In its first “Patch Tuesday” of the year, Microsoft disclosed a serious flaw in some versions of its Windows operating system. Microsoft doesn’t think hackers have exploited the flaw, and it provided patches to the military and other high-value targets ahead of yesterday’s release.
Now for the actual news: The National Security Agency (NSA) tipped off Microsoft.
The NSA has helped companies identify vulnerabilities before, but this is the first time it’s taken credit. Going public is the first step in building trust with cybersecurity researchers.
The backstory: Microsoft security researchers have special reason to distrust the NSA. Years ago, the agency knew about a Windows vulnerability, but instead of saying anything, it built a hacking tool (called EternalBlue) for its own purposes.
In 2017, hackers exploited that vulnerability, crippling networks around the world with WannaCry ransomware. The NSA faced criticism after people found out the attack could have been prevented.
Later that year, the government released a blueprint for intelligence agencies to follow when they identify flaws in consumer software.
Source: Morning Brew