Windows 10 updates you need to apply

cgori

Member
SoSH Member
Oct 2, 2004
4,005
SF, CA
We don't have a thread to notify people of urgent patches, or at least not that I could find, so I figured I would start one. Other people who know about such things, feel free to reply in this thread.

I got sent notice from 2-3 sources today that this one is very high priority to apply:
https://www.forbes.com/sites/daveywinder/2020/01/15/us-government-issues-critical-windows-10-update-now-alert/https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF
The vuln is particularly bad for anyone who runs with admin rights, and it's a remote exploit, from what I can see. The NSA decided this was bad enough that they didn't want to weaponize it (!) and rather would have it fixed.

The patch is KB4532938 in Windows Update, I believe, so that's the thing to make sure you have applied.
 

djbayko

Member
SoSH Member
Jul 18, 2005
25,895
Los Angeles, CA
We don't have a thread to notify people of urgent patches, or at least not that I could find, so I figured I would start one. Other people who know about such things, feel free to reply in this thread.

I got sent notice from 2-3 sources today that this one is very high priority to apply:
https://www.forbes.com/sites/daveywinder/2020/01/15/us-government-issues-critical-windows-10-update-now-alert/https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF
The vuln is particularly bad for anyone who runs with admin rights, and it's a remote exploit, from what I can see. The NSA decided this was bad enough that they didn't want to weaponize it (!) and rather would have it fixed.

The patch is KB4532938 in Windows Update, I believe, so that's the thing to make sure you have applied.
That must mean they have something way better.

Edit: And maybe intelligence that other countries know about this one :)
 
Last edited:

cgori

Member
SoSH Member
Oct 2, 2004
4,005
SF, CA
That must mean they have something way better.

Edit: And maybe intelligence that other countries know about this one :)
Maybe, but this is the first time they've ever done this kind of reporting, or at least that is what is claimed.
 

HriniakPosterChild

Member
SoSH Member
Jul 6, 2006
14,841
500 feet above Lake Sammammish
Tech Review (MIT): The NSA found a dangerous flaw in Windows and told Microsoft to fix it

Not so long go, the NSA would have simply used the exploit for its own offensive goals, but the country’s intelligence agencies have changed their strategy in the last decade. The decision to fix the flaw rather than use it as a weapon represents a victory for the NSA’s Cybersecurity Directorate, the recently launched department charged with the agency’s cyberdefense mission.
“When the new cybersecurity directorate was first stood up, we noted we wanted to do things differently,” said Anne Neuberger, the director of the department. “We want a new approach to sharing, to build trust with the cybersecurity community. This is one key aspect of that.”
The NSA said it has not seen any exploits of the Windows flaw. Microsoft, which has extraordinary visibility into which exploits are used around the world, also says it has not seen the flaw exploited.