The first Windows 10 Patch Tuesday release this 2020 is now live, and the overall weight has been reported to be relatively smaller from the past deployments. However, Microsoft is saying that the update is designed to vanquish potentially harmful bugs, so the best practice for users is to install the patch as soon as possible.
As far as the level of threat is concerned, the new OS bump can be considered as significant enough, for it will plug the holes that have been identified to be critical, which exactly is the case for eight vulnerabilities.
In a report, ZDNet said 49 possible exploits will be patched by the January update and thought to be the most notable of the bugs has been tagged as CVE-2020-0601, which according to Microsoft is an anomaly discovered in CryptoAPI (Crypt32.dll) or the default Windows cryptographic library.
This particular bug was first reported by the NSA, and if left unpatched, it can serve as an opening for attackers to forge digital signatures. In doing so, it will be easier to hack a targeted, encrypted HTTPS communication.
"The user would have no way of knowing the file was malicious because the digital signature would appear to be from a trusted provider," said the corresponding advisory issued by the Windows maker.
And per Microsoft's warning, it is imperative that the entry for this threat is closed, and that can be done by getting the latest update. When the patch has been installed, "the security update addresses the vulnerability by ensuring that Windows CryptoAPI completely validates ECC certificates."
In addition, two more vulnerabilities have been identified, and they bear the tracking IDs CVE-2020-0609 and CVE-2020-0610, which potentially could cause problems on systems running the Windows Server 2016 and the Windows Server 2012.
The word from Microsoft is that with the bugs on the specific systems, the Windows Remote Desktop Gateway (RD Gateway) could be exploited through remote code execution for a possible takeover that can be performed through the sending of camouflaged requests on an RDP connection. Again, the severity of the threat can be resolved with the installation of the new batch of patches.
According to WCCFTech, the latest Patch Tuesday can be absorbed by nearly all the existing Windows 10 versions, chiefly the Versions 1909 and 1903 that were provided last year. Versions 1809, 1803, the Creators Updates, the Anniversary Update, and the first Windows 10 release (issued in May 2015) will also benefit from the new round of OS bump.
Coinciding with the release is the issuance of the last security updates for Windows 7 as Microsoft is discontinuing support for the aging OS except for enterprise users, who will need to pay fees to continue getting future fixes.
