Sign up for our daily briefing

Make your busy days simpler with Axios AM/PM. Catch up on what's new and why it matters in just 5 minutes.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Catch up on the day's biggest business stories

Subscribe to Axios Closer for insights into the day’s business news and trends and why they matter

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Stay on top of the latest market trends

Subscribe to Axios Markets for the latest market trends and economic insights. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Sports news worthy of your time

Binge on the stats and stories that drive the sports world with Axios Sports. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Tech news worthy of your time

Get our smart take on technology from the Valley and D.C. with Axios Login. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Get the inside stories

Get an insider's guide to the new White House with Axios Sneak Peek. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Denver news?

Get a daily digest of the most important stories affecting your hometown with Axios Denver

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Des Moines news?

Get a daily digest of the most important stories affecting your hometown with Axios Des Moines

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Twin Cities news?

Get a daily digest of the most important stories affecting your hometown with Axios Twin Cities

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Tampa Bay news?

Get a daily digest of the most important stories affecting your hometown with Axios Tampa Bay

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Charlotte news?

Get a daily digest of the most important stories affecting your hometown with Axios Charlotte

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Sign up for Axios NW Arkansas

Stay up-to-date on the most important and interesting stories affecting NW Arkansas, authored by local reporters

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Illustration: Sarah Grillo/Axios

Microsoft is releasing a security patch Tuesday to fix a major flaw in the Windows operating system. Although Microsoft says it hasn't seen evidence the issue has been exploited in the wild, it could allow an attacker to "decrypt confidential information."

Why it matters: The flaw represents a significant vulnerability and was turned over to Microsoft by the National Security Agency. In the past, the NSA has kept some Windows flaws to itself to use for its own purposes.

What's next: Microsoft confirmed details of the flaw and the release of the patch, adding that its security software can detect and block malware attempting to use this vulnerability. ​It affects versions of Windows 10 as well as the 2016 and 2019 versions of Windows Server, but not Windows 7, Windows 8 or earlier versions.

  • "We have not seen any evidence that this technique has been used in the wild," Microsoft said. "As always we encourage customers to install all security updates as soon as possible.”

The vulnerability was rated "important," Microsoft's second highest rating, because it involves user interaction to be exploited. (Critical flaws can be exploited with no user interaction.)

Krebs on Security, which reported the existence of the patch Monday night, described it as "an extraordinarily serious security vulnerability in a core cryptographic component."

  • Also, per Krebs, Microsoft has already delivered a patch for the bug to the U.S. military and other key customers and potential targets, such as the companies that manage internet infrastructure. Those companies had to agree not to disclose details of the vulnerability.

In a statement, Microsoft said it doesn't release production-ready updates ahead of its regular Update Tuesday schedule, but it does give advance versions to partners "for the purpose of validation and interoperability testing in lab environments." Those who get the advance versions are not supposed to use them for production machines.

What they're saying: Longtime security expert Dan Kaminsky, chief scientist at White Ops, said that the flaw is a big deal, despite the less-than-critical rating assigned by Microsoft.

"It does happen that some bugs are 'overhyped'. Not this one. A flaw here exposes itself on sensitive attack surfaces across the entire Windows platform, in subtle ways that are difficult to predict and — critically — would be highly reliable. Absolutely the real deal, patch this immediately."
— Dan Kaminsky, to Axios

Go deeper

1 min ago - Health

Axios AM Deep Dive: Covid forever

Illustration: Aïda Amer/Axios

It was 563 days ago that the WHO declared Covid-19 a pandemic. This Axios AM Deep Dive, led by healthcare reporter Caitlin Owens, looks at our Covid future.

Federal judge blocks vaccine mandate for NYC teachers

Students are dismissed from the first day of school at PS 133 in Brooklyn on Sept. 13. Photo: Michael Nagle/Xinhua via Getty Images

A federal appeals court judge on Friday temporarily blocked New York City schools from enforcing a vaccine mandate for school employees, days before it was set to take effect, AP reports.

Driving the news: The vaccine mandate was set to begin on Monday, prompting concerns over staffing shortages in schools across the nation's largest school system.

CCP releases two jailed Canadians after Huawei CFO deal with DOJ

Photo: Sheldon Cooper/SOPA Images/LightRocket via Getty Images

Two Canadians imprisoned by the Chinese government for over 1,000 days have been released and are expected to arrive in Canada on Saturday, Prime Minister Justin Trudeau said Friday.

Why it matters: Their release comes hours after Huawei Technologies CFO Meng Wanzhou reached a deal with the U.S. Department of Justice that resolves the criminal charges against her and could pave the way for her to return to China.