Since Edward Snowden's 2013 revelations, we have known that the US secret service NSA is spying wherever it can. To do this, extensive searches are made for gaps in the security of the operating systems. A bug in Windows 10 was probably too dangerous even for the spies. In a public call, the NSA warns of the danger of the vulnerability.
The vulnerability attacks trust in Windows – literally. The affected file with the sonorous name crypt32.dll is used to guarantee the trustworthiness of websites, programs and encryption. Attackers could therefore use the gap to disguise attacks as trustworthy processes and thus undermine numerous security measures of the system, the NSA warns in a statement about the error. It currently only exists in Windows 10 and Windows Server.
+++ Edward Snowden on surveillance: "We shouldn't stop sending penis pictures" +++
How to protect your computer
"When we discovered this serious cryptography gap, we immediately contacted the company in question," said Anne Neuberger, head of the cybersecurity department of the secret service at a press conference. Microsoft reacted promptly: The error was already fixed in the Windows update released yesterday. End users and administrators should therefore update all computers as soon as possible, the NSA and the Windows Group recommend. Companies where this is not easily possible should at least secure the access points and monitor possible access attempts, recommends Neuberger.
According to Microsoft, there is currently no evidence that the vulnerability has been actively exploited. According to the NSA, this should change soon: Hackers should quickly find ways to make the error usable for attacks. "Tools for attacks will be available quickly and widely," warns the NSA. The only protection is a quick update.
"A widespread use or automated attacks, which infect large parts of the Internet users with malware in a short time, are currently not to be expected due to this security gap," says Professor Dominik Herrmann, who teaches at the University of Bamberg on IT security. "According to the current state of the art, the security gap can only be exploited by well-equipped attackers who have the possibility to intervene in the data traffic of users. In addition to secret services and law enforcement agencies, this includes, of course, the mobile radio and Internet access providers, but also the operators of WLANs.
NSA's new strategy
One of the most remarkable aspects of the vulnerability is that it was the NSA of all people who reported it and made a public statement about it. The secret service hit the headlines in 2017 because it had kept an extremely dangerous hole in all Windows systems secret for five years and used it for attacks itself. This was only discovered when the cyber weapon called "Eternal Blue" was captured by criminal hackers and sold via the Darknet.
However, the NSA did not actively use this gap, emphasized Neuberger. The report is part of an effort to report any gaps found to the companies concerned, thereby ensuring increased security. Apparently the NSA is trying to improve its battered reputation a bit.
Swell: NSA Press Release, Microsoft, Wired, Cancer on Security