The National Security Agency alerted the software giant about the failure in Windows 10, which is the most used operating system.
Organizations and companies running Windows 10 should implement the patch immediately, Anne Neuberger, director of the NSA’s Cybersecurity Directorate, told reporters on Tuesday. The Department of Homeland Security recommended isolation systems that cannot be updated.
Microsoft confirmed that a security update was released on Tuesday. He also said that his security software can detect and block malware that attempts to exploit the vulnerability.
“Customers who have already applied the update, or have automatic updates enabled, are already protected,” said Jeff Jones, senior director of Microsoft, in a statement. “As always, we encourage customers to install all security updates as soon as possible.”
Iran cyber attack:The risk increases after the missile attack against Iraqi military bases with US troops
The NSA and Microsoft said they haven’t seen any hacker try to exploit the fault.
The NSA’s decision to alert Microsoft instead of using the vulnerability to spy on enemy networks marked a change for the agency. Neuberger said the change was “a recognition of what the mission needs right now.”
Microsoft says the flaw was in the digital signatures used to determine if the software is authentic, one of the ways in which software manufacturers work to prevent malware or covert spyware as legitimate software. The NSA discovered an error in how Microsoft verified the signatures that hackers could have exploited.
“This vulnerability is an example of our partnership with the security research community where a vulnerability was revealed privately and an update was released to ensure that customers were not at risk,” Microsoft said.