Ahead of its first Patch Tuesday of 2020, Microsoft is rumored to be releasing a fix for an “extraordinarily serious security vulnerability,” according to KrebsOnSecurity. The component in question is present in all current forms of Windows operating systems, all the way back to Windows NT 4.0.
Today is also the last day for Windows 7 support — which means the operating system will still receive this important update.
Shipped ahead of time to the military? — KrebsOnSecurity has also received reports that the patch was sent ahead of time to important internet infrastructure organizations like the U.S. military. Microsoft has stated that any advanced patches are for testing purposes only and are not to be applied to live environments.
The patch also lines up almost exactly with a report that the NSA’s Director of Cybersecurity will be hosting a call with the news media to “provide advanced notification of a current NSA cybersecurity issue. Coincidence?
Rumors abound — The rumblings of an important update seem to have begun with a tweet by Will Dormann, a vulnerability analyst at the CERT. Dormann says users should “pay very close attention” to installing the update as quickly as possible.
Other users replied with similar notices. One user who works for a federal agency reported receiving emails specifically mentioning that all users must perform Windows updates on Tuesday.
Microsoft won’t discuss details — When asked for comment, Microsoft responded by stating that it does not discuss the details of vulnerabilities before an update has been made available.
Update: The NSA revealed this afternoon that the organization did, in fact, discover the vulnerability, which could be used to allow hackers to intercept secure communications. The NSA warned Microsoft about the flaw so it could update accordingly. Microsoft has stated that it hasn't seen any evidence of the flaw being used by hackers. A fix is now available to all users through the Windows Update console.