January Patch Tuesday updates for Windows 10 include fix for spoofing flaw discovered by NSA

Laurent Giret

Windows 10

Microsoft has just released the first “Patch Tuesday” updates of the new year. These updates are quite a big deal as they fix a serious vulnerability that has been disclosed by the NSA. This spoofing flaw affects all Windows 10 versions released since 2015 as well as Windows Server 2016, though Microsoft notes that it hasn’t been exploited so far.

“An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider. A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software,” Microsoft explained on its Security portal.

It’s good to know that this security flaw is now fixed in all versions of Windows 10 as well as Windows Server 2016, and this month’s Patch Tuesday updates seems to be mostly security-focused. Here is what Microsoft detailed in the release notes for Windows 10 version 1909 (build 18363.592) and Windows 10 version 1903 (build 18362.592):

Security updates to Windows App Platform and Frameworks, Windows Input and Composition, Windows Management, Windows Cryptography, Windows Storage and Filesystems, the Microsoft Scripting Engine, and Windows Server.

Microsoft isn’t aware of any known issues with these two cumulative updates, and there’s also nothing to see about the ongoing issues related to Windows Search that some users have been complaining about.

If you’re still running Windows 10 version 1809, you’ll get the build 17763.973 today which includes the following fixes:

  • Addresses an issue to support new SameSite cookie policies by default for release 80 of Google Chrome.
  • Security updates to Windows App Platform and Frameworks, Windows Input and Composition, Windows Management, Windows Cryptography, Windows Virtualization, the Microsoft Scripting Engine, and Windows Server.

If you’re running older versions of Windows 10 Enterprise and Education, Microsoft also published the release notes for Windows 10 versions 1803, 1709, and 1507. Patch notes for the versions 1607 and 1703 will be published later on Microsoft’s Windows support website.