Windows 10 Security Updates, January 14, 2020

Windows 10 Update Icon Big 256

Microsoft today released a set of cumulative updates for all supported Windows 10 versions. The updates resolve a critical vulnerability in Windows 10.

Here are some important details related to these updates:

CVE-2020-0601

A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.

An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider.

A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software.

The security update addresses the vulnerability by ensuring that Windows CryptoAPI completely validates ECC certificates.

Also, check out the following document.

The released updates are as follows:

  • Windows 10, version 1903+ Windows 10, version 1909: KB4528760 (OS Builds 18362.592 and 18363.592)
  • Windows 10, version 1809: KB4534273 (OS Build 17763.973). Additionally, the update resolves an issue to support new SameSite cookie policies by default for release 80 of Google Chrome.
  • Windows 10, version 1803: KB4534293 (OS Build 17134.1246)
  • Windows 10, version 1709: KB4534276 (OS Build 16299.1625)
  • Windows 10, version 1703: KB4534296 (OS Build 15063.2254)
  • Windows 10, version 1607: KB4534271 (OS Build 14393.3443). Additionally, the update resolves an issue to support new SameSite cookie policies by default for release 80 of Google Chrome.
  • Windows 10, initial release: KB4534306 (OS Build 10240.18453)

To download these updates, open Settings - > Update &recovery and click on the Check for Updates button on the right.

Helpful links:

Source: Windows Update History

Support us

Winaero greatly relies on your support. You can help the site keep bringing you interesting and useful content and software by using these options:

If you like this article, please share it using the buttons below. It won't take a lot from you, but it will help us grow. Thanks for your support!

Author: Sergey Tkachenko

Sergey Tkachenko is a software developer who started Winaero back in 2011. On this blog, Sergey is writing about everything connected to Microsoft, Windows and popular software. Follow him on Telegram, Twitter, and YouTube.

Leave a Reply

Your email address will not be published.

Exit mobile version
Using Telegram? Subscribe to the blog channel!
Hello. Add your message here.