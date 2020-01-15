Share the joy















This is not the first time that experts found a Microsoft Windows bug. The National Security Agency (NSA) recently announced that it found a bug in Microsoft Windows. It could leave millions of personal computers vulnerable to attack.

After the NSA disclosed it, Microsoft released a patch for its Windows 10 and Server 2016 today. The flaw was a serious vulnerability. It was a rare thing for NSA to do it. But it showed that the agency has as new priority, i.e. transparency.

“NSA has discovered a critical vulnerability (CVE-2020-0601) affecting Microsoft Windows®1 cryptographic functionality. The certificate validation vulnerability allows an attacker to undermine how Windows verifies cryptographic trust and can enable remote code execution. The vulnerability affects Windows 10 and Windows Server 2016/2019 as well as applications that rely on Windows for trust functionality. Exploitation of the vulnerability allows attackers to defeat trusted network connections and deliver executable code while appearing as legitimately trusted entities.”

With this bug, attackers can falsify a legitimate program. In that way, it can easily run malicious software, such as ransomware on a vulnerable PC. The user would not know whether or not the file was malicious because the certificate would look like it came from a trusted provider.

It could also modify HTTPS communications.

The good thing is that Microsoft did not find any evidence that the bug has been exploited by hackers. But it still categorized it as important.

But the bug was first reported by Brian Krebs, an independent security journalist. And the NSA confirmed it. The agency handed the details to Microsoft so that the company could build a fix.

Two years ago, people criticized the said agency for using a Windows vulnerability to perform surveillance, rather than telling Microsoft about the flaw. It utilized the flaw to secretly attack vulnerable computers. However, the exploit was found and used to infect thousands of computers through WannaCry ransomware.

Although we cannot expect that the agency will give up its hacking tools, this effort is surely a shift to more transparency. And it is a welcome step.

Microsoft Released a New Browser

On another note, Microsoft launched a new browser today. You can download and install it on your Windows and macOS. It is a more stable version of Edge Chromium. The release is just more than a year after the company switched to Chromium.

Microsoft is planning to update Windows 10 automatically in the coming months. In that way, users can use the new version of Edge. Doing so will replace the built-in browser. Microsoft is taking it slow when it comes to bringing its new browser to users through Windows Update. It will fully roll out to every PC in the summertime.

The company is releasing this Edge version to OEMs. In that case, you can expect to find new machines with a preinstalled new version of Edge.

Although Edge Chromium will be available today, the version will not have some features like history sync. However, your favorites passwords will all sync.

As for the Microsoft Windows bug, you need to update your computer ASAP.

