In a press release published by the NSA, the agency explains "the certificate validation vulnerability allows an attacker to undermine how Windows verifies cryptographic trust and can enable remote code execution".
The NSA is advising organisations to apply the latest patches immediately or, at the very least, to prioritise systems that host critical infrastructure like DNS servers, VPN servers, or domain controllers.
Those changes happened after a mysterious group calling itself the "Shadow Brokers" released a trove of high-level hacking tools stolen from the NSA, forcing companies including Microsoft to fix their systems.
Because the new Edge uses Chromium (the same open-source code that powers Chrome), its performance and features are similar to Google's web browser.
"After January 14, 2020, security updates or support for PCs running Windows 7 will no longer be provided".
The NSA has previously been criticised after it took advantage of vulnerabilities in Microsoft products to deploy hacking tools against adversaries and kept the technology multinational in the dark about it for years.
She added that the agency had decided to make its involvement in the discovery public at Microsoft's request.
Microsoft advises all businesses to migrate to newer, more secure and supported operating systems, such as Windows 10.
Firefox users can also download the free update here. ZDNet, for example, estimates there are around 200 million Windows 7 PCs, while Computer World's number crunching led to an estimate of there being 446 million Windows 7 systems by the end of the month (two months after the OS is retired). "It will be up to Microsoft to decide whether they will release a last patch, even after the software reached its end of life".
"Malware can spread much more easily on obsolete platforms because, without security updates, known vulnerabilities will remain unpatched".
Softcat's Louca didn't see any correlation between the news emerging on the same day that Microsoft shut down support for Windows 7 - which is not affected by the bug - other than that both were related to the vendor's Patch Tuesday updates.
Another expert also pointed out that this flaw should be prioritised by all system administrators.
If left unpatched, a sophisticated attacker could use the vulnerability to fake digital certificates that are used as part of encrypted communications within Windows, according to Microsoft and the NSA.
Fortunately, the vulnerability only affects Windows 10, Windows Server 2019, and Windows Server 2016 OS versions, and it has not been exploited in the wild.