NSA finds major security flaw in Windows 10, free fix issued

Photo Credit: AP Photo/Alan Diaz
FILE - This Aug. 7, 2017, file photo shows a Microsoft Windows sign on display at a store in Hialeah, Fla. The National Security Agency has discovered a major security flaw in Microsoft's Windows operating system. Microsoft says the NSA notified the company about it. A fix was made available Tuesday, Jan. 14, 2020. (AP Photo/Alan Diaz)

The National Security Agency has discovered a major security flaw in Microsoft's Windows 10 operating system that could let hackers intercept seemingly secure communications.

But rather than exploit the flaw for its own intelligence needs, the NSA tipped off Microsoft so that it can fix the system for everyone.

Microsoft released a free software patch to fix the flaw Tuesday and credited the intelligence agency for discovering it. The company said it has not seen any evidence that hackers have used the technique.

Amit Yoran, CEO of security firm Tenable, said it is “exceptionally rare if not unprecedented” for the U.S. government to share its discovery of such a critical vulnerability with a company.

Yoran, who was a founding director of the Department of Homeland Security's computer emergency readiness team, urged all organizations to prioritize patching their systems quickly.

An advisory sent by the NSA on Tuesday said “the consequences of not patching the vulnerability are severe and widespread.”

Microsoft said an attacker could exploit the vulnerability by spoofing a code-signing certificate so it looked like a file came from a trusted source.

"The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider," the company said.

If successfully exploited, attackers would have been able to conduct "man-in-the-middle attacks" and decrypt confidential information they intercept on user connections, the company said.

“The biggest risk is to secure communications,” said Adam Meyers, vice president of intelligence for security firm CrowdStrike.

Some computers will get the fix automatically, if they have the automatic update option turned on. Others can get it manually by going to Windows Update in the computer's settings.

Microsoft typically releases security and other updates once a month and waited until Tuesday to disclose the flaw and the NSA's involvement. Microsoft and the NSA both declined to say when the agency privately notified the company.

The agency shared the vulnerability with Microsoft “quickly and responsibly,” Neal Ziring, technical director of the NSA's cybersecurity directorate, said in a blog post Tuesday.

Priscilla Moriuchi, who retired from the NSA in 2017 after running its East Asia and Pacific operations, said this is a good example of the “constructive role” that the NSA can play in improving global information security. Moriuchi, now an analyst at the U.S. cybersecurity firm Recorded Future, said it’s likely a reflection of changes made in 2017 to how the U.S. determines whether to disclose a major vulnerability or exploit it for intelligence purposes.

The revamping of what’s known as the “Vulnerability Equities Process” put more emphasis on disclosing vulnerabilities whenever possible to protect core internet systems and the U.S. economy and general public.

Those changes happened after a mysterious group calling itself the “Shadow Brokers” released a trove of high-level hacking tools stolen from the NSA, forcing companies including Microsoft to repair their systems. The U.S. believes that North Korea and Russia were able to capitalize on those stolen hacking tools to unleash devastating global cyberattacks.
