With various versions of Windows occupying a billion devices worldwide, Microsoft's premier operating system paints a rather large target on its back for smaller B2B security firms looking to stay ahead of nefarious parties, while also finding itself in the crosshairs of much larger agencies who might want to weaponize exploits for future data and surveillance collection.
The United States National Security Agency recently chose the former option as it alerted Microsoft about a Windows flaw that could put millions of users in danger of breach or surveillance hack. For obvious reasons, the details of the exploit are relatively vague, but according to the Washington Post, the vulnerability is essentially a mistake in computer code that specifically targets users of Microsoft's latest Windows 10 operating system. By leveraging Microsoft and Adobe's Code-signing sync engine, the NSA found an error in the Windows code that normally verifies legitimate signatures but could now ultimately allow hackers to install ransomware or spyware on Windows 10 PCs if exploited.
"The discovery has been likened to a slightly less severe version of the Microsoft flaw that the NSA once weaponized by creating a hacking tool dubbed EternalBlue, which one former agency hack said was like "fishing with dynamite."
As a bit of a refresher, EternalBlue exploits a vulnerability in Microsoft's implementation of the Server Message Block (SMB) protocol. The vulnerability exists because the SMB version 1 (SMBv1) protocol in various versions of Windows mishandles specially crafted packets from remote attackers, allowing them to execute arbitrary code on the target computer. The NSA used and, arguably abused the exploit right up until it became widely distributed online five years after they discovered it. The NSA ultimately alerted Microsoft in 2017 and a patch followed in early 2017, but only months before three other major cyberattacks were credited using the tool.
Fortunately, the NSA isn't holding on to this one and giving it room to breathe like EternalBlue. Instead, by alerting Microsoft quickly, the NSA appears to be exhibiting a shift in prioritization of security and surveillance, for now at least. While Microsoft has had no comment on the matter, the NSA seems confident that the company will have a patch issued Tuesday to address the exploit, at which point Microsoft and the NSA can declare that "it has seen no active exploitation of the flaw."
The discovery of the exploit comes as Microsoft ends security support for Windows 7 and attempts to shift consumers and businesses still using the soon-to-be vulnerable OS, over to Windows 10.