Microsoft And The NSA

Sign outside of the NSA

We’ve been getting a ton of phone calls and emails about a security issue in Microsoft Windows 10 that was announced this week. It was discovered by the NSA and has really made the news. If you do a Bing search for “Microsoft and the NSA” you’ll get a long list of news reports similar to this:

List of Bing search results for Microsoft and the NSA

The vulnerability affects Windows 10 and some Windows Server editions. Although this caused big news, Microsoft patched the issue when it released updates this past Tuesday. The fix was part of their Patch Tuesday updates. (Patch Tuesday is the second Tuesday of the month.) This means that if you haven’t delayed Windows updates, your Windows 10 machine is already patched and there’s nothing to worry about.

How can you tell if you have the update? First, you need to know which version of Windows 10 you are using. The quickest way to do this is to go to the search window and search “winver” (without the quotes) and when it appears at the top of the list, click on it.

Picture of winver run command at the top of a search result

When the new window pops up, you can read your version of Windows 10. (I highlighted my computer’s version below.)

A Windows 10 version window

The next step is to see if the patch has been installed. Go to the START menu and click the SETTINGS icon. When the Settings window appears, click on UPDATE & SECURITY. In the new window, click on View Update History.

Windows 10 Update window showing "View update history"

When the history appears, look for the KB number for this patch based on which version of Windows 10 you found in the first part of this procedure.

Win 10 Version 1709KB4534276
Win 10 version 1803KB4534293
Win 10 Version 1809KB4534273
Win 10 Versions 1903 and 1909KB4528760

  • NOTES:
  • The KB versions listed above assume you are using the 64-bit version of Windows 10 – which almost everyone is.
  • You should not be running a Windows 10 version older than 1903. Version 1909 is still being pushed out so you might not see that yet but you definitely should not be using version 1709, 1803 or 1809.