NSA Alerts Microsoft Windows to Security Breach


The National Security Agency tipped off Microsoft Tuesday to a major Windows security breach, the company reports it has issued a fix. 

According to Bloomberg, Microsoft says there it wasn't a cyber-attack.

In an effort to be more transparent, Microsoft releases security updates on the second Tuesday of each month. 

“We follow the principles of coordinated vulnerability disclosure (CVD) as the industry best practice to protect our customers from reported security vulnerabilities,” Jeff Jones, a Senior Director at the company said in the statement. “To prevent unnecessary risk to customers, security researchers and vendors do not discuss the details of reported vulnerabilities before an update is available.”

The breach is in a part of Windows software known as Crypt32.dll, according to those familiar with the flaw. "Crpypt32 is used by the Windows and Windows Server operating systems -- to implement “many of the Certificate and Cryptographic Messaging functions in the CryptoAPI, such as CryptSignMessage” -- according to Microsoft. This means that the flaw could affect a broad range of users," according to Bloomberg.