
Microsoft is releasing a security patch Tuesday to fix a major flaw in the Windows operating system. Although Microsoft says it hasn't seen evidence the issue has been exploited in the wild, it could allow an attacker to "decrypt confidential information."

Why it matters: The flaw represents a significant vulnerability and was turned over to Microsoft by the National Security Agency. In the past, the NSA has kept some Windows flaws to itself to use for its own purposes.

What's next: Microsoft confirmed details of the flaw and the release of the patch, adding that its security software can detect and block malware attempting to use this vulnerability. It affects versions of Windows 10 as well as the 2016 and 2019 versions of Windows Server, but not Windows 7, Windows 8 or earlier versions.

  • "We have not seen any evidence that this technique has been used in the wild," Microsoft said. "As always we encourage customers to install all security updates as soon as possible."

The vulnerability was rated "important," Microsoft's second-highest rating, because it involves user interaction to be exploited. (Critical flaws can be exploited with no user interaction.)

Krebs on Security, which reported the existence of the patch Monday night, described it as "an extraordinarily serious security vulnerability in a core cryptographic component."

  • Also, per Krebs, Microsoft has already delivered a patch for the bug to the U.S. military and other key customers and potential targets, such as the companies that manage internet infrastructure. Those companies had to agree not to disclose details of the vulnerability.

In a statement, Microsoft said it doesn't release production-ready updates ahead of its regular Update Tuesday schedule, but it does give advance versions to partners "for the purpose of validation and interoperability testing in lab environments." Those who get the advance versions are not supposed to use them for production machines.

What they're saying: Longtime security expert Dan Kaminsky, chief scientist at White Ops, said that the flaw is a big deal, despite the less-than-critical rating assigned by Microsoft.

"It does happen that some bugs are 'overhyped'. Not this one. A flaw here exposes itself on sensitive attack surfaces across the entire Windows platform, in subtle ways that are difficult to predict and — critically — would be highly reliable. Absolutely the real deal, patch this immediately."
— Dan Kaminsky, to Axios
