The Microsoft communication security flaw that the National Security Agency discovered mainly affects digital security certificates of websites and remote desktop connectivity. News reports have been either wildly inaccurate or exaggerated and this post is a standard security incident response by Matrixforce. The vulnerability and mitigation is published as an Emergency Directive by the Department of Homeland Security that affects Windows 10 and Windows Server 2016 and 2019. On Patch Tuesday, Microsoft provided an update for this vulnerability.

Matrixforce has already patched customer remote desktop and web servers with desktops automatically receiving the update via Microsoft Intune on January 14, 2020.

While the vulnerability is serious, most consumers and business users are protected by their firewall. For most administrators it’s business as usual to apply patches that can’t be done until provided by Microsoft. However, this is a new era in cybersecurity called the Vulnerabilities Equities Process because in the past the NSA would keep vulnerabilities secret to exploit systems around the world. In 2017, the NSA lost control of it’s hacking tool Eternal Blue that was subsequently leaked online by cybercriminals known as the Shadow Brokers. With Windows 10 effectively being the predominant code around the world, the U.S. government has recognized it must change the strategy to do more protect citizens.

Windows 7 is no longer supported as of January 14, 2020 and there will be no further security updates. Upgrade to Windows 10 immediately.

Published by Kevin Fream

Many people don't understand their current situation and become frustrated in business and life, so I created the Delta Method and wrote the #1 Best-Seller "Change Your Game" - as featured at Harvard and NASDAQ as well as national TV news. Streamline your technology for competitive advantage using vetted IT support and take a divergent approach to personal growth. View all posts by Kevin Fream