Microsoft’s Security Flaw

Andrew Gu ‘23

On January 14, the National Security Agency (NSA) alerted Microsoft of a major flaw in its Windows 10 operating system which could let hackers pose serious threats to users, such as security breaches, surveillance, and disruption. 


CryptoAPI, the feature causing this major flaw, enables developers to secure their apps with cryptography. “It’s the equivalent of a building security desk checking IDs before permitting a contractor to come up and install new equipment,” said Ashkan Soltani, a security expert and former chief technologist for the Federal Trade Commission [1]. With this flaw, people could manipulate this flaw so that consumers would download viruses and malware instead of the original apps they intended on downloading.


Microsoft quickly released a patch to fix the vulnerability, as part of its established schedule for releasing patches. However, this situation was unprecedentedly serious—rather than use the bug to test new devices and programs, as it has in the past, the NSA shared the information of the flaw with private sector companies, exemplifying the magnitude of the threat that this bug had on businesses and customers around the world.  


To effectively resolve this threat, it is up to consumers to download this new update before the CryptoAPI flaw can damage their computers. Bryan Ware, the Assistant Director for Cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA) “[stresses] the urgency” of this patch to national, international, state, local and tribal partners and directing federal agencies to implement it within 10 days [2]