Security Advisor

Microsoft Gives NSA Early Access to Zero-Day Security Info

Microsoft is just one of many who have been sharing information on hardware specs and software vulnerabilities with government organizations.

According to anonymous sources cited by Bloomberg, Microsoft routinely sends the National Security Agency (NSA) information on newly discovered security issues before publicly releasing a fix.

The practice is just one of thousands of examples of the NSA receiving private information from the tech industry in exchange for "receiving benefits that include access to classified intelligence," according to a report released today.

Microsoft's willingness to share data with the NSA first, before the public, gives the government the ability to protect systems from zero-day attacks, but it also provides the NSA with an opportunity

"Redmond, Washington-based Microsoft (MSFT) and other software or Internet security companies have been aware that this type of early alert allowed the U.S. to exploit vulnerabilities in software sold to foreign governments, according to two U.S. officials," read the Bloomberg report.  "Microsoft doesn't ask and can't be told how the government uses such tip-offs, said the officials, who asked not to be identified because the matter is confidential."

Discussing this exchange of information, Microsoft spokesperson Frank Shaw told Bloomberg that this is just one of many instances in which the company provides the government with security information.

Microsoft isn't the only software company that routinely feeds the government information on newly discovered security vulnerabilities. According to the report, McAfee also participates in a similar activity. However, Michael Fey, the company's worldwide chief technology officer, argues that data on specific individuals is never shared with the NSA.

"We do not share any type of personal information with our government agency partners," Fey said in an e-mailed statement to Bloomberg. "McAfee's function is to provide security technology, education, and threat intelligence to governments."

Other info allegedly handed to the government by the tech industry consists of non-personal data, including specific hardware specs, network operational data and software vulnerabilities.

Today's report comes just one week after Microsoft denied involvement in the recently disclosed NSA program called Prism -- an operation that collects private user data from companies like Microsoft, Google and Apple. However, allegedly leaked NSA slides accused Microsoft of being a willing participant in the program as far back as 1997, and of even allowing the NSA access to eavesdrop on private Skype conversations in a separate program.

What's your take? Should tech firms like Microsoft continue to share zero-day security data with the government, prior to the public, because it adds to U.S. national security protections? Or are such actions kind of sketchy given global cyberwar tendencies and the potential for unchecked governmental abuses of power? Share your thoughts in the comments below.

About the Author

Chris Paoli is the site producer for and

