Take the pledge to vote

For a better tommorow#AajSawaroApnaKal
  • I agree to receive emails from News18

  • I promise to vote in this year's elections no matter what the odds are.
  • Please check above checkbox.

    SUBMIT

Thank you for
taking the pledge

Vote responsibly as each vote counts
and makes a diffrence

Disclaimer:

Issued in public interest by HDFC Life. HDFC Life Insurance Company Limited (Formerly HDFC Standard Life Insurance Company Limited) (“HDFC Life”). CIN: L65110MH2000PLC128245, IRDAI Reg. No. 101 . The name/letters "HDFC" in the name/logo of the company belongs to Housing Development Finance Corporation Limited ("HDFC Limited") and is used by HDFC Life under an agreement entered into with HDFC Limited. ARN EU/04/19/13618
Tech
News18 » Tech
1-min read

Microsoft Releases Security Patch for Spoofing Flaw Reported by NSA

The Windows bug reported by the NSA allowed attackers to run malicious software by imitating legitimate software on a vulnerable system.

Trending Desk

Updated:January 16, 2020, 1:20 PM IST
facebookTwitter Pocket whatsapp
Microsoft Releases Security Patch for Spoofing Flaw Reported by NSA
Image for Representation

Microsoft recently released a security patch for a dangerous 'spoofing vulnerability' that could potentially impact the Windows operating system. The bug was discovered and reported by the US National Security Agency NSA and revealed by NSA Director of Cybersecurity Anne Neuberger in a press conference. According to Microsoft, the spoofing vulnerability exists in the way "Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates".

Reports have highlighted the fact that bug may allow attackers to run malicious software by imitating legitimate software on a system that is vulnerable. The tech website further reported that the National Security Agency confirmed to reporters via a call that it discovered the vulnerability and forwarded the details to Microsoft for it to build a fix.

“The user would have no way of knowing the file was malicious because the digital signature would appear to be from a trusted provider,” Microsoft said on its webpage, revealing that the attacker could exploit the vulnerability by using a "spoofed code-signing certificate,' allowing the attacker to decrypt confidential information on user connections. An advisory by Carnegie Mellon University said that the bug could also be used to intercept and modify HTTPS or TLS communications, which are used for secure communication over a computer network.

Get the best of News18 delivered to your inbox - subscribe to News18 Daybreak. Follow News18.com on Twitter, Instagram, Facebook, Telegram, TikTok and on YouTube, and stay in the know with what's happening in the world around you – in real time.

| Edited by: Chhavianshika Singh
Read full article
Next Story
Next Story

facebookTwitter Pocket whatsapp

Live TV

Countdown To Elections Results
To Assembly Elections 2018 Results