UPDATE 2 Microsoft’s January 2020 Patch Tuesday Fixes 49 Vulnerabilities; Using one flaw attackers could cause malware to appear as code-signed by legitimate companies, conduct man-in-the-middle attacks, and decrypt encrypted information over network connections. https://www.bleepingcomputer.com/news/microsoft/microsofts-january-2020-patch-tuesday-fixes-49-vulnerabilities/
UPDATE: National Security Agency Confirms Windows 10 Security Flaw ‘Makes Trust Vulnerable’ “If the NSA reported it,” security professional John Opdenakker says, “I think that the impact of the vulnerability being exploited is high. Until we have more information, we can’t say anything about the actual risk for the average user.” https://www.forbes.com/sites/daveywinder/2020/01/14/national-security-agency-confirms-windows-10-security-flaw-makes-trust-vulnerable/ You should put together a test computer with any proprietary software or non-off-the-shelf, mission essential software and test the patch first.
UPDATE: National Security Agency Confirms Windows 10 Security Flaw ‘Makes Trust Vulnerable’
“If the NSA reported it,” security professional John Opdenakker says, “I think that the impact of the vulnerability being exploited is high. Until we have more information, we can’t say anything about the actual risk for the average user.”
January 14, 2020 – Microsoft MAY release a patch TODAY that is supposed to fix a huge security vulnerability. I am providing this notification because I recommend that only a test computer be patched, IF you are running non-off-the-shelf software. That is anything that you can’t buy at a store, like Office programs, etc. If you are using any proprietary software or software designed for your business systems, then you should ALWAYS test Microsoft patches before implementing them. This is a story by Brian Krebs, a leading #cybersecurity journalist. “Brian Krebs worked as a reporter for The Washington Post from 1995 to 2009, authoring more than 1,300 blog posts for the Security Fix blog.” https://krebsonsecurity.com/2020/01/cryptic-rumblings-ahead-of-first-2020-patch-tuesday/
By Brian Krebs
Microsoft fixes NSA’s ‘extraordinarily serious’ Windows security flaw: What you need to know”
Microsoft today fixed a Windows security flaw that independent information-security report Brian Krebs had yesterday (Jan. 13) described as “an extraordinarily serious security vulnerability.”
If and when you’re prompted by your PC to update your machine — and you probably will be by tomorrow morning — you should do so.
Now that we’ve seen Microsoft’s explanation of the vulnerability, it is indeed very serious, although Microsoft puzzlingly classifies it as “Important” rather than “Critical.” https://www.tomsguide.com/news/microsoft-patch-tuesday-jan20
Cryptic Rumblings Ahead of First 2020 Patch Tuesday
Sources tell KrebsOnSecurity that Microsoft Corp. is slated to release a software update on Tuesday to fix an extraordinarily serious security vulnerability in a core cryptographic component present in all versions of Windows. Those sources say Microsoft has quietly shipped a patch for the bug to branches of the U.S. military and to other high-value customers/targets that manage key Internet infrastructure, and that those organizations have been asked to sign agreements preventing them from disclosing details of the flaw prior to Jan. 14, the first Patch Tuesday of 2020. https://krebsonsecurity.com/2020/01/cryptic-rumblings-ahead-of-first-2020-patch-tuesday/