From FOX 61
NSA alerted Microsoft to major Windows security flaw
By CNN Wire
The National Security Agency (NSA) recently alerted Microsoft to a major flaw in its Windows operating system that would allow hackers to pose as legitimate software companies, agency officials said on Tuesday.
Microsoft issued a software update to fix the vulnerability, as part of its normal schedule for releasing software patches. The flaw concerns a core Windows function that verifies the legitimacy of apps and programs, a feature known as CryptoAPI.
“It’s the equivalent of a building security desk checking IDs before permitting a contractor to come up and install new equipment,” said Ashkan Soltani, a security expert and former chief technologist for the Federal Trade Commission.
By compromising that validation feature, hackers could easily impersonate “good” software companies to install bad software, Soltani said, potentially allowing them to spy on computer users or hold their devices hostage for ransom.
Ashkan Soltani (MIMS 2009) has previously served a brief stint as a Senior Advisor to the U.S. Chief Technology Officer in the White House Office of Science and Technology Policy and as the Chief Technologist for the Federal Trade Commission.