Microsoft is expected to release a vulnerability described as "extraordinarily scary" in all versions of Windows. The patch will be released later today as part of the Patch Tuesday January 2020.
Security researcher Brian Krebs reports that vulnerabilities exist in a key cryptographic component that exists in all versions of Windows. A successful exploitation could allow an attacker to mislead the system with digitally signed software.
The security gap is believed to be extremely serious and according to more information set were published at KrebsOnSecurity, the U.S. military and a number of other Microsoft customers have already installed the pre-scheduled release on January 14 for everyone else. This is because of the fact that all of these Microsoft customers have signed agreements to receive security updates in a timely manner prior to general availability.
The vulnerability, which could allow an attacker to run a malicious software as a trusted application, it apparently also raised concerns with the United States' National Security Agency (NSA), and Director of Cybersecurity Anne Neuberger is expected to describe the vulnerability today.
Microsoft, meanwhile, has denied that it made the update available to some of its customers before it went public through Patch Tuesday.
Let's add that Tuesday, January 14 is the last day of updates for Windows 7, since the 2009 operating system reaches the end of support today.
However, we should not be surprised if Microsoft decides to release security updates for Windows 7 and other critical vulnerabilities, such as the one described in this post, in the near future. We have seen it in Windows XP.
All the details of the vulnerability mentioned above will be made public later today, for obvious reasons.
