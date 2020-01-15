In what can be considered a huge shift in its policy towards hacking tools and cyber exploits, the US National Security Agency recently informed Microsoft of a major loophole in the Windows 10 OS instead of keeping it to themselves for exploitation later on. Microsoft, on their part, issued a quick patch to cover the hole which again underscores the seriousness of the flaw.

Disclosing further, the NSA said the flaw has to do with the way the Windows 10 OS checks the authenticity of a website that the user wishes to log into. If the site is found to be illegitimate or having dubious records, the OS warns the user and will suggest not to visit the site. It is this very same feature that the NSA recently found to be not working to the optimum, something that it attributed to an error in the software codes.

Nevertheless, the error happens to be a major one and Microsoft can consider itself fortunate it was found by the premier security agency before any hacking groups having ulterior motives. The latter possibility in fact could have led to disastrous consequences by exploiting the flaw.

Those includes making the user to believe any malicious site as genuine, gain access to the computer’s internals and steal or delete files, record keystrokes, activate the mic or camera, install ransomware, to name just a few. The list of possibilities could go on and on.

It also here that the role of NSA is both commendable as well as a bit surprising to many. For the agency has in the past been known to keep such discoveries to themselves for the sake of extracting information from its adversaries and targeted users.

EternalBlue, a hacking tool similar to current discovery is a shining example of that and which the NSA had exploited for years before letting Microsoft know of it. It was only after the MSA came to now of others also being aware of Eternal Blue that they chose to let Microsoft know of it. That was after sitting and exploiting the same for at least five years. Microsoft patched the loophole in early 2017.

The NSA commented on its latest move, attributing it to a change in its policy towards such hacking tools while aiming to achieve a more friendly image among the masses at large. Anne Neuberger, director of the NSA’s Cybersecurity Directorate said they are keen to be seen as an agency that can be trusted.

Windows 10 users meanwhile are strongly advised to install the latest update containing the patch that Microsoft released on January 14, 2020.