On Tuesday, the National Security Agency (NSA) announced it had found a “severe” security flaw affecting Microsoft’s Windows 10, Windows Server 2016, and Windows Server 2019. The flaw allows hackers to use fake security certificates to install malware that looks like real, trustworthy software. This malware then gives hackers access to confidential information stored on affected PCs, and the vulnerability could be used to infiltrate networks as well.
Microsoft was quick to respond, releasing a patch (titled “update KB4528760”) the same day the security flaw was made public. This patch is designed for users who have already installed the Windows 10 May 2019 and Windows 10 November 2019 updates.
However, some users have found themselves unable to install the patch, instead receiving error messages. The number of users unable to install the patch has been relatively low, but given the severity of the vulnerability coupled with how publicized the flaw has been, users are rightfully concerned about the failure of Microsoft’s patch.
It is highly unusual for the NSA to inform a company about any cybersecurity flaws they find, partly because doing so draws the attention of hackers to the flaws, making it more likely they will attempt to exploit them, and partly because agencies like the NSA have been known to use these vulnerabilities themselves.
For now, the best solution is to install the update manually by visiting the Microsoft Update Catalog. From there, search for “KB4528760” and click download.
TracSoft will keep you updated as more information is released.
Are you concerned about the security of your business network? Do you know what updates you should or shouldn’t install? Let the experts at TracSoft remove the guesswork with our secure, dependable OS and patch management services. We thoroughly test patches and updates before anything is ever installed on your network, preventing software conflicts and security vulnerabilities. Find out more today about how TracSoft can protect the technology that matters to you.