NSA Helps Microsoft with a Fairly Major Windows Security Flaw

  • Jeff Moden

    SSC Guru

    Points: 996064

    An unprecedented move for sure.  Here's the link.  The patch came out today (1/14/2020).

    https://www.yahoo.com/news/us-microsoft-nsa-security-flaw-182512448.html

    I have to admit, I'm a bit of a skeptic when the government tries to "help" a company like Microsoft especially when these two institutions are involved.

    --Jeff Moden


    RBAR is pronounced "ree-bar" and is a "Modenism" for Row-By-Agonizing-Row.
    First step towards the paradigm shift of writing Set Based code:
    ________Stop thinking about what you want to do to a row... think, instead, of what you want to do to a column.
    "If you think its expensive to hire a professional to do the job, wait until you hire an amateur."--Red Adair
    "Change is inevitable... change for the better is not."

    Helpful Links:
    How to post code problems
    How to Post Performance Problems
    Create a Tally Function (fnTally)

  • Grant Fritchey

    SSC Guru

    Points: 396384

    Yeah, I see where the paranoia comes from. However, I can also see how the NSA would prefer a more secure Windows OS.

    ----------------------------------------------------
    The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood...
    Theodore Roosevelt

    The Scary DBA
    Author of: SQL Server 2017 Query Performance Tuning, 5th Edition and SQL Server Execution Plans, 3rd Edition
    Product Evangelist for Red Gate Software

  • Matt Miller (4)

    SSC Guru

    Points: 124208

    Thanks for sharing it.  Great to see that cooperation is happening. Of course the cynic in me couldn't help but note there is no specific info as to WHEN the NSA found the flaw....

    ----------------------------------------------------------------------------------
    Your lack of planning does not constitute an emergency on my part...unless you're my manager...or a director and above...or a really loud-spoken end-user..All right - what was my emergency again?

  • Jeff Moden

    SSC Guru

    Points: 996064

    Grant Fritchey wrote:

    Yeah, I see where the paranoia comes from. However, I can also see how the NSA would prefer a more secure Windows OS.

    Heh... the first thought that came to my mind when I read your reply was "Aye... so say we all".

    --Jeff Moden


    RBAR is pronounced "ree-bar" and is a "Modenism" for Row-By-Agonizing-Row.
    First step towards the paradigm shift of writing Set Based code:
    ________Stop thinking about what you want to do to a row... think, instead, of what you want to do to a column.
    "If you think its expensive to hire a professional to do the job, wait until you hire an amateur."--Red Adair
    "Change is inevitable... change for the better is not."

    Helpful Links:
    How to post code problems
    How to Post Performance Problems
    Create a Tally Function (fnTally)

  • Eirikur Eiriksson

    SSC Guru

    Points: 182425

    Jeff Moden wrote:

    An unprecedented move for sure.  Here's the link.  The patch came out today (1/14/2020).

    https://www.yahoo.com/news/us-microsoft-nsa-security-flaw-182512448.html

    I have to admit, I'm a bit of a skeptic when the government tries to "help" a company like Microsoft especially when these two institutions are involved.

    From the looks of it, NSA has been using this for it's purposes for a while but now that might be turning against them, it has become an asset/access deemed worth sacrificing for "good" publicity.

    😎

    How many entries from the likes of NSA do we see in the common vulnerability databases?

Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic. Login to reply