Η Microsoft αναμένεται να κυκλοφορήσει μια ενημέρωση για μια ευπάθεια που περιγράφεται σαν “εξαιρετικά τρομακτική” (extraordinarily scary) που υπάρχει σε όλες τις εκδόσεις των Windows. Η επιδιόρθωση θα κυκλοφορήσει αργότερα σήμερα σαν μέρος του Patch Tuesday January 2020.
Security researcher Brian Krebs reports that vulnerabilities exist in a key cryptographic component that exists in all versions of Windows. A successful exploitation could allow an attacker to mislead the system with digitally signed software.
The security gap is believed to be extremely serious and according to more information set were published at KrebsOnSecurity, the U.S. military and a number of other Microsoft customers have already installed the pre-scheduled release on January 14 for everyone else. This is because of the fact that all of these Microsoft customers have signed agreements to receive security updates in a timely manner prior to general availability.
Η ευπάθεια, η οποία θα μπορούσε να επιτρέψει σε έναν εισβολέα να τρέξει κάποιο κακόβουλο λογισμικό σαν μια αξιόπιστη application, προκάλεσε προφανώς ανησυχίες και στον Οργανισμό Εθνικής Ασφαλείας (NSA) των Ηνωμένων Πολιτειών, και η Director of Cybersecurity Anne Neuberger is expected to describe the vulnerability today.
Microsoft, meanwhile, has denied that it made the update available to some of its customers before it went public through Patch Tuesday.
Here we should add that Tuesday, January 14 is the last day of updates for Windows 7, since the 2009 operating system is coming to an end supports today.
However, we should not be surprised if Microsoft decides to release security updates for Windows 7 and other critical vulnerabilities, such as the one described in this post, in the near future. We have seen it in Windows XP.
All the details of the vulnerability mentioned above will be made public later today, for obvious reasons.