The US security service NSA has probably discovered a large gap in the security of the Windows 10 operating system. Malicious people could use it to penetrate deep into the computers of unsuspecting people and companies.
According to The Washington Post newspaper, Microsoft, the maker of Windows, today comes with an update to close the gap. Microsoft itself has not yet responded.
The gap would be in the way Windows checks programs, called code signing. In the code of computer programs is a signature of the maker. When an update comes, Windows knows that it is a real update and that it is not malicious software that acts as an actual program.
The NSA would have discovered that this can be circumvented. A hacker, for example, could place espionage software somewhere unseen.
Windows 10 is the most recent version of the operating system. He came on the market in 2015. Two in three Windows PCs in the world run on Windows 10.
According to The Washington Post, the NSA immediately sent a warning to Microsoft after the discovery, so that the company could correct the error.
If that is correct, it is a striking change of course. In 2011 or 2012, the NSA also found a hole in Windows. That hole was named EternalBlue. The service stopped the discovery so that the hackers could use the opening.
However, the information fell into the hands of others, possibly Russian cyberspies. EternalBlue was then used to distribute the WannaCry hostage software. That attack is attributed to North Korean state hackers.
English