Security News > 2020 > January > NSA Uncovers 'Severe' Microsoft Windows Vulnerability

The U.S. National Security Agency took the unusual step Tuesday of announcing what it calls a "Severe" vulnerability in Microsoft's Windows 10 operating system ahead of Microsoft's Patch Tuesday security update.

The U.S. Department of Homeland Security released a statement Tuesday ordering all federal agencies to patch the vulnerability and urging all Windows users to apply the security patch provided by Microsoft within 10 days.

The vulnerability affects versions of Windows 10 as well as Windows Server 2016 and 2019.

Mechele Gruhn, principal security program manager for the Microsoft Security Response Center, says that the company has classified the vulnerability as "Important" because it hasn't been exploited, but the NSA classifies it as "Severe."

In the past, if the agency found this type of Windows vulnerability, it would have kept the information to itself and possibly used it for its own spying capabilities or as part of its offensive cyber efforts, according to CNBC. In its advisory Tuesday, the NSA notes the severity of the vulnerability is one reason why it decided to disclose it to Microsoft first and then eventually to the public, even though it hasn't been actively exploited.

News URL

https://www.inforisktoday.com/nsa-uncovers-severe-microsoft-windows-vulnerability-a-13607