Microsoft January 2020 Patch Tuesday fixes 49 security bugs after the US National Security Agency (NSA) discovered a critical bug in the operating system. These 49 vulnerabilities, 7 are classified as Critical, 41 as Important, and 1 as Moderate.

Microsoft patched a spoofing vulnerability present in the Windows usermode cryptographic library, CRYPT32.DLL, on Windows 10, Windows Server 2016, and Windows Server 2019 systems. The vulnerability could allow for remote code execution. In other word, allow hackers to compromise trusted network connections using spoofed certificates to deliver malicious executable code under the pretense of a legitimately trusted entity, commit man-in-the-middle attacks, and decrypt confidential information. For example, HTTPS connections, signed emails and files, and user-mode processes launching signed executable code.

To patch now, go to https://portal.msrc.microsoft.com/en-us/security-guidance