As we are all aware, security is a major part of today's software, as hacking is an always evolving and always present concern. Imagine my surprise when I saw that one of the most notorious organizations in the earth when it comes to privacy breaching, the NSA, not only discovered a major security flaw in Microsoft's latest update, but rather than exploit it, the NSA programmers disclosed it directly to Microsoft.
"Few things are more terrifying than receiving a warning from the National Security Agency (NSA), and that's exactly what happened to Microsoft yesterday." An article by techspot covering the incident said, and we cannot agree more.
According to The Verge "The bug is a problem for environments that rely on digital certificates to validate the software that machines run, a potentially far-reaching security issue if left unpatched." This could allow attackers to spoof the digital signature tied to pieces of software, allowing unsigned and malicious code to masquerade as legitimate software. Despite that, Microsoft has deemed the flaw as -not- critical, but went on to fix this immediately nonetheless.
Conversely Appnews has also reported on the incident and mentions that “The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider" meaning that if successfully exploited, attackers would have been able to conduct “man-in-the-middle attacks” and decrypt confidential information they intercept on user connections.
However, it appears as if a hotfix was released by Microsoft rapidly, focused on the computers with hither risk of being affected, and customers that had enabled the auto updater would receive it immediately.
One thing is for sure, the issue has been resolved rapidly and swiftly.
NSA has been met with skepticism by many after a few privacy breach scandals it was involved with a while back, but those articles I read has only reinforced in me the belief that, despite some slip ups, we should always try to keep an open mind, and judge an organization from the sum of its behavior.
I for one find it commendable that the NSA employees informed Microsoft of this as fast as they could, and that the issue was resolved with commendable speed by all parties involved.