Team OS : Your Only Destination To Custom OS !!

Welcome to TeamOS Community, Register or Login to the Community to Download Torrents, Get Access to Shoutbox, Post Replies, Use Search Engine and many more features. Register Today!

  • Minimum Required Ratio Alert!

    Notice! From Today Onwards Minimum Required Ratio is Set to 0.4 . Either Use Bonus to Increase Ratio or Become VIP in order to Download Torrents.

Tech News Microsoft alerted about new Windows flaw by NSA

Wichestery2k

DaRTh-WaRe_LorD
Power User
Downloaded
626.5 GB
Uploaded
11.9 TB
Ratio
19.41
With various versions of Windows occupying a billion devices worldwide, Microsoft’s premier operating system paints a rather large target on its back for smaller B2B security firms looking to stay ahead of nefarious parties, while also finding itself in the crosshairs of much larger agencies who might want to weaponize exploits for future data and surveillance collection.

The United States National Security Agency recently chose the former option as it alerted Microsoft about a Windows flaw that could put millions of users in danger of breach or surveillance hack. For obvious reasons, the details of the exploit are relatively vague, but according to the Washington Post, the vulnerability is essentially a mistake in computer code that specifically targets users of Microsoft’s latest Windows 10 operating system. By leveraging Microsoft and Adobe’s Code-signing sync engine, the NSA found an error in the Windows code that normally verifies legitimate signatures but could now ultimately allow hackers to install ransomware or spyware on Windows 10 PCs if exploited.

More specifically,

“The discovery has been likened to a slightly less severe version of the Microsoft flaw that the NSA once weaponized by creating a hacking tool dubbed EternalBlue, which one former agency hack said was like “fishing with dynamite.”

As a bit of a refresher, EternalBlue exploits a vulnerability in Microsoft’s implementation of the Server Message Block (SMB) protocol. The vulnerability exists because the SMB version 1 (SMBv1) protocol in various versions of Windows mishandles specially crafted packets from remote attackers, allowing them to execute arbitrary code on the target computer. The NSA used and, arguably abused the exploit right up until it became widely distributed online five years after they discovered it. The NSA ultimately alerted Microsoft in 2017 and a patch followed in early 2017, but only months before three other major cyberattacks were credited using the tool.

Fortunately, the NSA isn’t holding on to this one and giving it room to breathe like EternalBlue. Instead, by alerting Microsoft quickly, the NSA appears to be exhibiting a shift in prioritization of security and surveillance, for now at least. While Microsoft has had no comment on the matter, the NSA seems confident that the company will have a patch issued Tuesday to address the exploit, at which point Microsoft and the NSA can declare that “it has seen no active exploitation of the flaw.”

The discovery of the exploit comes as Microsoft ends security support for Windows 7 and attempts to shift consumers and businesses still using the soon-to-be vulnerable OS, over to Windows 10.
 

niklasw99

Registered User
Downloaded
0 bytes
Uploaded
5 GB
Ratio
-
So this affects Windows 7 and Windows 10 with SMB 1v enabled, Right?
 

Beechmasters

Registered User
Downloaded
100.8 GB
Uploaded
1.8 TB
Ratio
18.28
I knew they would find a way to force people to move from win 7 to winyuck 10.
I expect there will be more of these once win 7 updates end. Mark my words. It also happened with XP.
The updates ended and then "all of a sudden".
Thanks Wichestry for pointing this out :)
 
Loading...
Top