As written today on Forbes and confirmed by Microsoft, big spoofing vulnerability in the CryptoAPI was found by NSA in Windows 10, Server 2016 and Server 2019.

The CryptoAPI, (crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.

I recommend you to install todays security patch for Windows 10, Server 2016 and Server 2019 (CVE-2020-0601). More information

https://www.forbes.com/sites/daveywinder/2020/01/14/windows-10-extraordinarily-serious-security-warning-for-900-million-users/#7fbe7f94690c

Microsoft including download links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601

#Windows10 #WindowsServer #WindowsServer2016 #Server2016 #WindowsServer2019 #Server2019 #Security #PatchTuesday