The U.S. National Security Agency (NSA) took the unusual step of disclosing a vulnerability it discovered in the Microsoft Windows 10 and Windows Server 2016/2019 software environments. Microsoft has contemporaneously released a patch to address the concern.
According to the NSA brief, the certificate validation vulnerability allows an attacker to undermine how Windows verifies cryptographic trust and can enable remote code execution. The vulnerability affects Windows 10 and Windows Server 2016/2019 as well as applications that rely on Windows for trust functionality.
(Image credit: https://cyware.com/)