Security News > 2020 > January > Cryptic Rumblings Ahead of First 2020 Patch Tuesday

Sources tell KrebsOnSecurity that Microsoft Corp. is slated to release a software update on Tuesday to fix an extraordinarily serious security vulnerability in a core cryptographic component present in all versions of Windows.

Those sources say Microsoft has quietly shipped a patch for the bug to branches of the U.S. military and to other high-value customers/targets that manage key Internet infrastructure, and that those organizations have been asked to sign agreements preventing them from disclosing details of the flaw prior to Jan. 14, the first Patch Tuesday of 2020.

KrebsOnSecurity has heard rumblings from several sources over the past 48 hours that this Patch Tuesday will include a doozy of an update that will need to be addressed immediately by all organizations running Windows.

"Update 7:49 p.m. ET: Microsoft responded, saying that it does not discuss the details of reported vulnerabilities before an update is available. The company also said it does"not release production-ready updates ahead of regular Update Tuesday schedule.

Will Dormann, a security researcher who authors many of the vulnerability reports for the CERT Coordination Center, tweeted today that "People should perhaps pay very close attention to installing tomorrow's Microsoft Patch Tuesday updates in a timely manner. Even more so than others. I don't knowjust call it a hunch?" Dormann declined to elaborate on that teaser.

News URL

https://krebsonsecurity.com/2020/01/cryptic-rumblings-ahead-of-first-2020-patch-tuesday/