Microsoft says it will fix flaw said to affect critical Wind
2020-01-16
原标题:Microsoft says it will fix flaw said to affect critical Windows component微软表示将修复据说会影响关键Windows组件的缺陷
By Raphael Satter
(Reuters) - Microsoft Corp said on Tuesday it will roll out a security fix that cybersecurity experts expect will correct a highly dangerous weakness in its popular Windows operating system.
Microsoft Senior Director Jeff Jones said in a statement that the company does not discuss details ahead of an update. But cybersecurity circles have been abuzz https://krebsonsecurity.com/2020/01/cryptic-rumblings-ahead-of-first-2020-patch-tuesday for most of the day in anticipation that the fix repairs flaws in how the operating system authenticates and secures data.
The Washington Post reported on Tuesday that the National Security Agency discovered the flaw in recent weeks and alerted Microsoft to the problem.
NSA declined to comment ahead of a phone briefing on Tuesday about the vulnerability.
The NSA had previously come under criticism after it took advantage of vulnerabilities in Microsoft products to deploy hacking tools against adversaries and kept the Redmond, Washington-based company in the dark about it for years. When one of those tools was dramatically leaked to the internet by a group calling itself ShadowBrokers, it was deployed against targets around the globe by hackers of all stripes.
In the most dramatic case, a group used the tool to unleash a massive malware outbreak dubbed WannaCry in 2017. The data-wiping worm wrought global havoc, affecting what Europol estimated was some 200,000 computers in more than 150 countries. (Read story https://www.reuters.com/article/us-cyber-attack-europol/cyber-attack-hits-200000-in-at-least-150-countries-europol-idUSKCN18A0FX )
(Reporting by Raphael Satter; Editing by Richard Chang)
拉斐尔·萨特
路透(路透社)--微软(MicrosoftCorp.)周二表示,将推出一种安全修复方案,网络安全专家预计,这将纠正其受欢迎的Windows操作系统中一个高度危险的弱点。
微软高级董事杰夫·琼斯(JeffJones)在一份声明中表示,微软不会在更新之前讨论细节。但是,,由于预计修复程序修复操作系统认证和保护数据的方法中的缺陷,网络安全界在一天的大部分时间里一直在争论不休的https://krebsonsecurity.com/2020/01/cryptic-rumblings-ahead-of-first-2020-patch-tuesday。
“华盛顿邮报”(Washington Post)周二报道称,美国国家安全局(National Security Agency)最近几周发现了这个漏洞,并提醒微软注意这个问题。
美国国家安全局拒绝在周二的电话简报会上就该漏洞发表评论。
美国国家安全局此前曾受到批评,因为它利用微软产品中的漏洞,针对对手部署黑客工具,并多年来一直对这家总部位于华盛顿雷德蒙德的公司保持默默无闻。当其中一个工具被一个自称“暗影经纪人”的组织戏剧性地泄露到互联网上时,它就被各种类型的黑客部署到了全球各地的目标上。
在最具戏剧性的案例中,一个组织利用这个工具在2017年发动了大规模的恶意软件爆发,名为WannaCry。这种擦除数据的蠕虫造成了全球的大破坏,影响到了欧洲刑警组织估计的150多个国家的大约20万台计算机。(阅读故事https://www.reuters.com/article/us-cyber-attack-europol/cyber-attack-hits-200000-in-at-least-150-countries-europol-idUSKCN18A0FX)