If you’re running Windows based systems, run your updates pronto, is the short version of the article, but Bruce Schneier’s take on the NSA appearing to try and patch up its public image makes me hesitantly optimistic.
Schneier on Security: Critical Windows Vulnerability Discovered by NSA
Early yesterday morning, NSA’s Cybersecurity Directorate head Anne Neuberger hosted a media call where she talked about the vulnerability and – to my shock – took questions from the attendees. According to her, the NSA discovered this vulnerability as part of its security research. (If it found it in some other nation’s cyberweapons stash – my personal favorite theory – she declined to say.) She did not answer when asked how long ago the NSA discovered the vulnerability. She said that this is not the first time it sent the Microsoft a vulnerability to fix, but it was the first time it has publicly taken credit for the discovery. The reason is that it is trying to rebuild trust with the security community, and this disclosure is a result of its new initiative to share findings more quickly and more often.
Barring any other information, I would take the NSA at its word here. So, good for it.