14 DAY TRIAL // Microsoft is projected to release a security patch for what is being described as an “extraordinarily scary” vulnerability that exists in all Windows versions. The fix will be published later today as part of the January 2020 Patch Tuesday cycle.
Security researcher Brian Krebs says the vulnerability exists in a core cryptographic component that exists in all Windows versions. A successful exploit could allow a malicious actor to spoof the source of digitally signed software.
The security flaw is believed to be extremely serious, and according to more information posted on KrebsOnSecurity, the US military and a series of other high-profile Microsoft customers have already been provided with the security patch prior to the scheduled January 14 launch for everyone else. By the looks of things, all these customers have been asked to sign agreements to prevent information disclosure before general availability.
The vulnerability, which could allow an attacker to launch malware as trusted applications, has apparently caused concerns over at the United States National Security Agency (NSA) as well, as Director of Cybersecurity Anne Neuberger is expected to host a media call today to discuss what is being described as a cybersecurity issue. No further specifics are provided.
Windows 7 EOL
In the meantime, Microsoft has denied for the cited source that production updates supposed to fix problems in its operating systems are released to customers before the public Patch Tuesday rollout begins.
The January 14 Patch Tuesday is also the last one for Windows 7. The 2009 operating system reaches the end of support today, so no other further security fixes will be released for this version.
However, I wouldn’t necessarily be surprised if Microsoft does decide to issue emergency patches for Windows 7 is other critical security vulnerabilities like the one described here are discovered in the near future.
Full details about the flaw will be provided later today when the patch goes live.