Skip to main content
The Globe and Mail
Support Quality Journalism
The Globe and Mail
First Access to Latest
Investment News
Collection of curated
e-books and guides
Inform your decisions via
Globe Investor Tools
Just$1.99
per week
for first 24 weeks

Enjoy unlimited digital access
Enjoy Unlimited Digital Access
Get full access to globeandmail.com
Just $1.99 per week for the first 24 weeks
Just $1.99 per week for the first 24 weeks
var select={root:".js-sub-pencil",control:".js-sub-pencil-control",open:"o-sub-pencil--open",closed:"o-sub-pencil--closed"},dom={},allowExpand=!0;function pencilInit(o){var e=arguments.length>1&&void 0!==arguments[1]&&arguments[1];select.root=o,dom.root=document.querySelector(select.root),dom.root&&(dom.control=document.querySelector(select.control),dom.control.addEventListener("click",onToggleClicked),setPanelState(e),window.addEventListener("scroll",onWindowScroll),dom.root.removeAttribute("hidden"))}function isPanelOpen(){return dom.root.classList.contains(select.open)}function setPanelState(o){dom.root.classList[o?"add":"remove"](select.open),dom.root.classList[o?"remove":"add"](select.closed),dom.control.setAttribute("aria-expanded",o)}function onToggleClicked(){var l=!isPanelOpen();setPanelState(l)}function onWindowScroll(){window.requestAnimationFrame(function() {var l=isPanelOpen(),n=0===(document.body.scrollTop||document.documentElement.scrollTop);n||l||!allowExpand?n&&l&&(allowExpand=!0,setPanelState(!1)):(allowExpand=!1,setPanelState(!0))});}pencilInit(".js-sub-pencil",!1); // via darwin-bg var slideIndex = 0; carousel(); function carousel() { var i; var x = document.getElementsByClassName("subs_valueprop"); for (i = 0; i < x.length; i++) { x[i].style.display = "none"; } slideIndex++; if (slideIndex> x.length) { slideIndex = 1; } x[slideIndex - 1].style.display = "block"; setTimeout(carousel, 2500); }

If hackers try to exploit the latest flaw in Windows operating system, it could have potentially serious consequences for the systems and users.

Mike Blake/Reuters

Microsoft Corp on Tuesday rolled out an important security fix after the U.S. National Security Agency tipped off the company to a serious flaw in its widely used Windows operating system, officials said.

Microsoft said the flaw could allow a hacker to forge digital certificates used by some versions of Windows to authenticate and secure data. Exploiting the flaw could have potentially serious consequences for Windows systems and users.

The NSA and Microsoft said they had not seen any evidence that the flaw had previously been abused, but both urged Windows users to deploy the update as soon as possible. NSA official Anne Neuberger noted that operators of classified networks had already been prodded to install the update and everyone else should now “expedite the implementation of the patch.”

Story continues below advertisement

The Microsoft patch marks the first time the NSA has publicly claimed credit for prompting a software security update, although the agency said it has alerted companies in the past to flaws in their products. Neuberger said the agency was striving for more transparency with the information security research community.

“Part of building trust is showing the data,” she told reporters in a call just minutes before the patch went live.

Experts said the move was unprecedented.

“I have never seen this before,” said Tenable Chief Executive Amit Yoran, who previously served as founding director of the U.S. Computer Emergency Readiness Team.

“I cannot think of a single instance where government shared a zero-day with a vendor and took credit for it,” he said in an e-mail.

The NSA faces a balancing act when it comes across such vulnerabilities. The agency had been criticized after its cyberspies took advantage of vulnerabilities in Microsoft products to deploy hacking tools against adversaries and kept the Redmond, Washington-based company in the dark about it for years.

When one such tool was dramatically leaked to the internet in 2016, it was deployed against targets around the globe by hackers of all stripes.

Story continues below advertisement

In the most dramatic case, a group used the tool to unleash a massive malware outbreak dubbed WannaCry in 2017. The data-wiping worm wrought global havoc, affecting what Europol estimated was some 200,000 computers in more than 150 countries.

Neuberger did not directly address that controversy in her call but said that the NSA hoped to be “a good cybersecurity partner.”

“We’re working to evolve our mission,” she said.

Report an error
Tickers mentioned in this story
Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

Comments that violate our community guidelines will be removed.

Read our community guidelines here

Discussion loading ...

To view this site properly, enable cookies in your browser. Read our privacy policy to learn more.
How to enable cookies