Windows Patch Tuesday gets Exciting
On the last day of support for Windows 7 news breaks of a severe Windows 10 bug. The bug was so severe the NSA told Microsoft once it was found, or did they?
This bug was related to digital signatures, which is used as a defense against users downloading malware disguised as a typical program. However, due to the bug an attacker could include a digital signature from a trusted provider on any files they wanted. Once an unsuspecting user downloads those files their system could be compromised because of the digital signature Windows 10 would believe its safe.
Below is a tweet from the NSA “Strongly” encouraging users to update their Windows 10 OS
Why did the NSA release the bug?
It would not be strange for the NSA to not release the bug to Microsoft since they would be able to exploit it for their benefit. Should we expect the NSA to always do this from now on… OR, have they know about this but are just not releasing it due to a possible leak that could happen?
In 2016 we saw the NSA provide exploits they were using to Microsoft due to the Shadow Brokers. The NSA only did provide them because the exploits (which were taken from the NSA) were about to be released to the public. Those exploits would be of no use if everyone knew about them since they would be patched and better to patch it before any farther issues.
We will see if this will be how the NSA operates from now on or if any rumors of leaks were soon to come out.