The latest Patch Tuesday comes with more urgency than usual.
Data Breach Today reports:
The U.S. National Security Agency took the unusual step Tuesday of announcing what it calls a "severe" vulnerability in Microsoft's Windows 10 operating system ahead of Microsoft's Patch Tuesday security update. The flaw could allow attackers to execute man-in-the-middle attacks or decrypt confidential data within applications.
The U.S. Department of Homeland Security released a statement Tuesday ordering all federal agencies to patch the vulnerability and urging all Windows users to apply the security patch provided by Microsoft within 10 days.
The vulnerability, which is listed as CVE-2020-060, is a spoofing flaw that affects Windows' CryptoAPI, a component that handles cryptographic operations within the operating system. This part of the OS validates elliptic curve cryptography certificates, which allow for public-key cryptography, according to a Microsoft security advisory.