Microsoft says it will fix flaw said to affect critical Windows component

by Reuters
Tuesday, 14 January 2020 17:53 GMT

By Raphael Satter

Jan 14 (Reuters) - Microsoft Corp said on Tuesday it will roll out a security fix that cybersecurity experts expect will correct a highly dangerous weakness in its popular Windows operating system.

Microsoft Senior Director Jeff Jones said in a statement that the company does not discuss details ahead of an update. But cybersecurity circles have been abuzz https://krebsonsecurity.com/2020/01/cryptic-rumblings-ahead-of-first-2020-patch-tuesday for most of the day in anticipation that the fix repairs flaws in how the operating system authenticates and secures data.

The Washington Post reported https://www.washingtonpost.com/national-security/nsa-found-a-dangerous-microsoft-software-flaw-and-alerted-the-firm--rather-than-weaponize-it/2020/01/14/f024c926-3679-11ea-bb7b-265f4554af6d_story.html on Tuesday that the National Security Agency discovered the flaw in recent weeks and alerted Microsoft to the problem.

NSA declined to comment ahead of a phone briefing on Tuesday about the vulnerability.

The NSA had previously come under criticism after it took advantage of vulnerabilities in Microsoft products to deploy hacking tools against adversaries and kept the Redmond, Washington-based company in the dark about it for years. When one of those tools was dramatically leaked to the internet by a group calling itself ShadowBrokers, it was deployed against targets around the globe by hackers of all stripes.

In the most dramatic case, a group used the tool to unleash a massive malware outbreak dubbed WannaCry in 2017. The data-wiping worm wrought global havoc, affecting what Europol estimated https://www.reuters.com/article/us-cyber-attack-europol/cyber-attack-hits-200000-in-at-least-150-countries-europol-idUSKCN18A0FX was some 200,000 computers in more than 150 countries. (Reporting by Raphael Satter; Editing by Richard Chang)

Our Standards: The Thomson Reuters Trust Principles.