Log in
Forgot password ?
Become a member for free
Sign up
Sign up
New member
Sign up for FREE
New customer
Discover our services
Dynamic quotes 

MarketScreener Homepage  >  Equities  >  Nasdaq  >  Microsoft Corporation    MSFT


News SummaryMost relevantAll newsPress ReleasesOfficial PublicationsSector newsMarketScreener StrategiesAnalyst Recommendations

Microsoft : Releases Patch to Severe Windows Flaw Detected by NSA

share with twitter share with LinkedIn share with facebook
share via e-mail
01/14/2020 | 02:55pm EST

By Dustin Volz

WASHINGTON -- Microsoft Corp. released a patch to fix a software vulnerability in its Windows operating system that could allow hackers to breach or surveil targeted computer networks, after the National Security Agency detected the flaw.

U.S. government officials described the vulnerability in Windows 10 -- Microsoft's most popular operating system -- as especially severe and one that Microsoft customers should work to fix immediately by updating their systems. Both Microsoft and the NSA said they hadn't found evidence the flaw had been exploited for malicious purposes.

"We are recommending that network owners expedite the patch immediately, " Anne Neuberger, the chief of the NSA's newly established cybersecurity directorate, told reporters on Tuesday. The agency alerted Microsoft as soon as it discovered the bug, she said.

In a sign of how severe officials considered the flaw, the Department of Homeland Security issued an emergency directive on Tuesday instructing federal agencies to take a series of steps to apply patches to their systems immediately. DHS also said it would hold calls with private industry partners warning about the risks posed by the flaw, said Bryan Ware, a senior official at DHS's Cybersecurity and Infrastructure Security Agency.

"A security update was released on January 14, 2020, and customers who have already applied the update, or have automatic updates enabled, are already protected," Jeff Jones, a Microsoft senior director, said in a statement. "As always, we encourage customers to install all security updates as soon as possible."

The flaw at issue involves a mistake in how Microsoft uses digital signatures to verify software as authentic, which helps block malware from being deployed on a computer. The error would potentially enable hackers to install powerful malware on systems undetected.

NSA hackers often uncover errors in major software that can be exploited for malicious use. The agency has long said it notifies vendors frequently of such flaws so they can be fixed, but it sometimes retains and weaponizes them for offensive use, such as to spy on a hostile foreign military's communications.

But the NSA has been criticized for alerting the private sector to vulnerabilities. Microsoft publicly denounced the agency in 2017 after stolen NSA hacking tools that were leaked online contributed to a global cyberattack involving a Windows flaw.

In that instance, Microsoft President Brad Smith penned a blog post criticizing the U.S. government for keeping the flaw secret for its own purposes, building a powerful cyber weapon and then losing control of it. Mr. Smith at the time likened the situation to "the U.S. military having some of its Tomahawk missiles stolen."

The NSA said at the time that it had worked with Microsoft to patch the problem after learning the hacking tools had been compromised.

Later that year, the Trump administration released a first-of-its-kind public road map outlining the administration's policies regarding major cybersecurity flaws identified -- often in popular consumer software -- by U.S. intelligence agencies. The document lays out guidelines for when the government would disclose the discovery of such flaws and when to keep them secret for possible use in future offensive actions.

The public document that outlined the Vulnerabilities Equities Process, or VEP, said that an annual report would be written "at the lowest classification level permissible and include, at a minimum, an executive summary written at an unclassified level" that may be provided to Congress.

Years later, however, no such information has been made public, and the lack of unclassified details has drawn frustration on Capitol Hill, people familiar with the matter said.

NSA's acknowledgment Tuesday that it found the Microsoft flaw and alerted the company was the first time the agency had done so publicly, Ms. Neuberger said. The development represented a philosophical shift at the NSA that has long sought to balance its dual missions of foreign intelligence and cybersecurity, she said.

"It's really the evolution of a mission," Ms. Neuberger said. "We recognize that no government can secure its most critical networks without the help of the private sector."

Write to Dustin Volz at dustin.volz@wsj.com

Stocks mentioned in the article
ChangeLast1st jan.
INTUIT INC. -0.67% 288.58 Delayed Quote.10.92%
MICROSOFT CORPORATION 0.62% 166.72 Delayed Quote.5.07%
share with twitter share with LinkedIn share with facebook
share via e-mail
09:01aMICROSOFT : and Genesys expand partnership to help enterprises seize the power o..
01/22Amazon asks court to pause Microsoft's work on Pentagon's JEDI contract
01/22Lab-grown meat producer Memphis Meats raises $161 million in funding led by S..
01/22MICROSOFT : Certain Data Exposed After Misconfiguration; No Malicious Use Found
01/22INTERNATIONAL BUSINESS MACHINES : IBM Earnings Offer Signs of Turnaround
01/21How social media services handle political ads
01/21INTERNATIONAL BUSINESS MACHINES : IBM Earnings Hint at Signs of Turnaround -- 2n..
01/21INTERNATIONAL BUSINESS MACHINES : IBM Earnings Hint at Signs of Turnaround -- Up..
01/21INTERNATIONAL BUSINESS MACHINES : IBM Earnings Hint at Signs of Turnaround
01/21ELON MUSK : Surge in Tesla's Stock Price Fans a Fiery Investor Debate -- WSJ
More news
Financials (USD)
Sales 2020 140 B
EBIT 2020 49 655 M
Net income 2020 41 464 M
Finance 2020 71 793 M
Yield 2020 1,22%
P/E ratio 2020 30,7x
P/E ratio 2021 27,3x
EV / Sales2020 8,50x
EV / Sales2021 7,56x
Capitalization 1 264 B
Duration : Period :
Microsoft Corporation Technical Analysis Chart | MarketScreener
Full-screen chart
Technical analysis trends MICROSOFT CORPORATION
Short TermMid-TermLong Term
Income Statement Evolution
Mean consensus BUY
Number of Analysts 36
Average target price 174,56  $
Last Close Price 165,70  $
Spread / Highest target 23,7%
Spread / Average Target 5,35%
Spread / Lowest Target -9,47%
EPS Revisions
Satya Nadella Chief Executive Officer & Non-Independent Director
Bradford L. Smith President & Chief Legal Officer
John Wendell Thompson Independent Chairman
Jean-Philippe Courtois President-Global Sales, Marketing & Operations
Amy E. Hood Chief Financial Officer & Executive Vice President
Sector and Competitors
1st jan.Capitalization (M$)
SPLUNK INC.4.51%24 414
SYNOPSYS10.21%23 094
SEA LIMITED10.29%20 550