Microsoft is expected to release a security patch Tuesday to fix a major flaw in the Windows operating system.
Why it matters: The flaw reportedly affects a wide range of Windows versions, represents a significant vulnerability and was turned over to Microsoft by the National Security Agency. In the past the NSA has kept some Windows flaws to itself to use for its own purposes.
What's next: Microsoft confirmed a patch is coming at 10 a.m. Pacific Time, but declined to offer details ahead of that.
- "To prevent unnecessary risk to customers, security researchers and vendors do not discuss the details of reported vulnerabilities before an update is available," it said, declining further comment.
Krebs on Security, which reported the existence of the patch Monday night, described it as "an extraordinarily serious security vulnerability in a core cryptographic component present in all versions of Windows."
- Also, per Krebs, Microsoft has already delivered a patch for the bug to the U.S. military and other key customers and potential targets, such as the companies that manage internet infrastructure. Those companies had to agree not to disclose details of the vulnerability.
In a statement, Microsoft said it doesn't release production-ready updates ahead of its regular Update Tuesday schedule, but does give advance versions to partners "for the purpose of validation and interoperability testing in lab environments." Those who get the advance versions are not supposed to use them for production machines.
