Instead of keeping a potential hacking resource to itself, the National Security Agency reportedly alerted Microsoft to a serious security flaw in the that could open computers to major breaches or surveillance.
Microsoft will issue a patch for the flaw on Tuesday during, according to The Washington Post. The company said it doesn’t discuss details of reported vulnerabilities before an update is available in order to “prevent unnecessary risk to customers, security researchers and vendors.” Microsoft is scheduled to release this month’s updates and technical information later today as part of its regular Update Tuesday.
The NSA declined to comment but reportedly confirmed in a briefing Tuesday morning that the agency did indeed discover the vulnerability and disclose it to Microsoft. When the patch is released later today, it will be the first time Microsoft has credited the NSA for reporting a security flaw, according to security expert Brian Krebs.
Microsoft reportedly has seen not active exploitation of the flaw.
Originally published Jan. 14, 8:17 a.m. PT.
Update, 8:34 a.m.: Adds comment from Microsoft and more background.