NSA and Github ‘rickrolled’ using Windows CryptoAPI bug – Naked Security

On Monday this week, the big cybersecurity news was speculative.

Was there a big, bad security bug in Microsoft Windows waiting to be announced the next day?

On Tuesday, the big news was the announcement that everyone had been guessing about.

Yes, there was a big bad bug, and it was in the Windows CryptoAPI.

It wasn’t a wormable remote code execution hole, so it wasn’t quite a WannaCry virus waiting to break out…

…but it was the first Patch Tuesday bug ever credited to the NSA.

That’s the US National Security Agency, ironically the very same the organisation that originally came up with the ETERNALBLUE exploit that ended up in the WannaCry virus after somehow escaping from the NSA’s control.

This time, the NSA gave the bug to Microsoft to patch the hole proactively, and here we are!