Windows 10: NSA warns Microsoft for the first time in front of the security gap

The gap can only be achieved by the Installation of the on Tuesday released Updates for Windows 10, 8.1 and Windows Server (2012, 2016, and 2019) will be closed.

For the outdated Windows 7 operating system, which runs on millions of PCs, there will be no free security update more. In the note to the monthly security Update, Microsoft simply referred to the fact that the Support for Windows 7 and older Server systems on Tuesday (14. January) had expired.

Patch for Windows 10 available

companies and organizations can be supplied on a paid maintenance contract, with the necessary Patch. In the case of private customers, however, new security gaps can’t be closed.

In the case of U.S. intelligence agencies, there is a balancing process in which it is decided whether one of them discovered security vulnerability exploited by implication or to Close will be reported. A few years ago once the NSA used a vulnerability publicly known and made the wave of attacks with the WannaCry Trojan was possible. The malicious program encrypted Computer and demanded ransom. Were affected, among other things, British hospitals and Advertisements at train stations in Germany.

found out the NSA

In the current case, the NSA found out that Windows would, under the circumstances, fake trust certificates accepted. Such certificates the requirement that the programs may run on computers that are, in many cases. This System was generally still safe, only its implementation in this particular case would need to be corrected, stressed the NSA.


  • Windows 7 before Microsoft Support ends use: As users are now on Windows 10 upgrade
  • the System does not continue – Microsoft ended Support in January: The users of Windows 7 will now have to

Technically, the error has to do knowledge in the examination of signatures to a vulnerability in a Software component for encryption technology (Windows CryptoAPI) to. This applies both for code signatures, as well as for so-called TLS-certificates. During an attack, the user will have no way to detect a file as malicious, since the digital signature appears to be from a trusted provider, explained Microsoft.

FOCUS Online provides you daily with the most important news from the Digital Department. Here you can subscribe to the Newsletter.

extend battery life: This power guzzlers should extend from the Smartphone to throw FOCUS Online/Wochit battery life: This power hungry you should from your Smartphone

throw Best offer on praise/dpa

Exit mobile version