New Year, New NSA | NSA Helping Microsoft?

Technology has been progressing faster and faster over the years. What was a critical vulnerability in 2005 is now a redundant memory in the security industry keeping a “gentle” reminder of how important security is in the cyber industry.

The NSA is one of those agencies which have a very bad reputation in the cybersecurity industry holding back on found vulnerabilities to build up their arsenal of cyber-attacks. Back in April 14, 2017, the Shadow Brokers leaked hacking tools from the NSA which mainly affected the Windows SMB service resulting in Remote-Code-Execution (RCE). This vulnerability was exploited against millions of machines being used as a ransomware attack (WannaCry).

The leaked exploit was known as ‘EternalBlue’ and was released one month after Microsoft sent out a patch to fix the vulnerability.

Why am I mentioning an issue that happened almost 3 years ago? Very recently, the NSA has decided to help Microsoft identify a vulnerability! This vulnerability was to do with how windows identifies trusted sources. If exploited correctly, it could be used to aid in ransomware attacks.

“This is serious news, as the crypt32.dll is a module needed for securing the Microsoft Operating Systems. We still don’t know precisely what the bug is and how easily it could be exploited, as that hasn’t been fully disclosed yet, but there are some pointers online that can give us an idea,” – Boris Cipot, Senior Security Engineer.

This is a very interesting case due to the history the NSA has with Microsoft. It will be interesting to see the relationship between the two progress from here. The NSA could have easily weaponised this vulnerability and added it to their arsenal, but they decided not to and inform Microsoft instead.

It is recommended to ignore any emails to do with patching this vulnerability as ‘phishers’ tend to use this kind of circumstance to their advantage.