Security News > 2020 > January > Cryptic Rumblings Ahead of First 2020 Patch Tuesday
Sources tell KrebsOnSecurity that Microsoft Corp. is slated to release a software update on Tuesday to fix an extraordinarily serious security vulnerability in a core cryptographic component present in all versions of Windows.
Those sources say Microsoft has quietly shipped a patch for the bug to branches of the U.S. military and to other high-value customers/targets that manage key Internet infrastructure, and that those organizations have been asked to sign agreements preventing them from disclosing details of the flaw prior to Jan. 14, the first Patch Tuesday of 2020.
KrebsOnSecurity has heard rumblings from several sources over the past 48 hours that this Patch Tuesday will include a doozy of an update that will need to be addressed immediately by all organizations running Windows.
"Update 7:49 p.m. ET: Microsoft responded, saying that it does not discuss the details of reported vulnerabilities before an update is available. The company also said it does"not release production-ready updates ahead of regular Update Tuesday schedule.
Will Dormann, a security researcher who authors many of the vulnerability reports for the CERT Coordination Center, tweeted today that "People should perhaps pay very close attention to installing tomorrow's Microsoft Patch Tuesday updates in a timely manner. Even more so than others. I don't knowjust call it a hunch?" Dormann declined to elaborate on that teaser.
News URL
https://krebsonsecurity.com/2020/01/cryptic-rumblings-ahead-of-first-2020-patch-tuesday/
Related news
- August 2024 Patch Tuesday forecast: Looking for a calm August release (source)
- Week in review: Tips for starting your cybersecurity career, Patch Tuesday forecast (source)
- Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited (source)
- September 2024 Patch Tuesday forecast: Downgrade is the new exploit (source)
- Week in review: Vulnerability allows Yubico security keys cloning, Patch Tuesday forecast (source)
- Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws (source)
- Patch Tuesday for September 2024: Microsoft Catches Four Zero-Day Vulnerabilities (source)
- Microsoft confirms IE bug squashed in Patch Tuesday was exploited zero-day (source)