Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mskbMicrosoftKB4534276
HistoryJan 14, 2020 - 8:00 a.m.

January 14, 2020—KB4534276 (OS Build 16299.1625)

2020-01-1408:00:00
Microsoft
support.microsoft.com
177

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.975 High

EPSS

Percentile

100.0%

JSON

January 14, 2020—KB4534276 (OS Build 16299.1625)

ReminderMarch 12 and April 9 were the last two Delta updates for Windows 10, version 1709. Security and quality updates will continue to be available via the express and full cumulative update packages. For more information on this change please visit our blog.

Reminder Windows 10, version 1709, reached end of service on April 9, 2019 for devices running Windows 10 Home, Pro, Pro for Workstation, and IoT Core editions. These devices will no longer receive monthly security and quality updates that contain protection from the latest security threats. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10.

IMPORTANTWindows 10 Enterprise, Education, and IoT Enterprise editions will continue to receive servicing at no cost per the lifecycle announcement on October 2018.

ePub support ended in Microsoft EdgeMicrosoft Edge has ended support for e-books that use the .epub file extension. For more information, see Download an ePub app to keep reading e-books.

For more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following article.

Highlights

  • Updates to improve security when storing and managing files.
  • Updates to improve security when using input devices such as a mouse, keyboard, or stylus.

Improvements and fixes

This security update includes quality improvements. Key changes include:

  • Security updates to the Microsoft Scripting Engine, Windows Input and Composition, Windows Media, Windows Virtualization, Windows Storage and Filesystems, and Windows Server.
    If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the Security Update Guide.

Known issues in this update

Symptom Workaround
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. Do one of the following:
  • Perform the operation from a process that has administrator privilege.
  • Perform the operation from a node that doesn’t have CSV ownership.
    Microsoft is working on a resolution and will provide an update in an upcoming release.
    When setting up a new Windows device during the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.Note This issue does not affect using a Microsoft Account during OOBE.| This issue is resolved in KB4534318.

How to get this update

Before installing this updateMicrosoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.If you are using Windows Update, the latest SSU (KB4523202) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the Microsoft Update Catalog.Install this update****Release Channel Available Next Step
Windows Update and Microsoft Update Yes None. This update will be downloaded and installed automatically from Windows Update.
Microsoft Update Catalog Yes To get the standalone package for this update, go to the Microsoft Update Catalog website.
Windows Server Update Services (WSUS) Yes This update will automatically sync with WSUS if you configure Products and Classifications as follows:Product: Windows 10Classification: Security Updates File informationFor a list of the files that are provided in this update, download the file information for cumulative update 4534276.

Related

mskb 28
nessus 12
openvas 14
kaspersky 4
prion 26
cve 25
talosblog 1
ics 1
thn 1
avleonov 1
qualysblog 2
attackerkb 3
mscve 24
symantec 23
cisa_kev 2
zdi 4
checkpoint_advisories 2
githubexploit 4
alpinelinux 1
msrc 3
trellix 2
osv 3
zdt 1
krebs 2
filippoio 1
checkpoint_security 1
veracode 1
redhatcve 1
trendmicroblog 2
carbonblack 1
cloudfoundry 1
schneier 1
cert 1
mskb
mskb
January 14, 2020—KB4534306 (OS Build 10240.18453)
2020-01-14 08:00:00
January 14, 2020—KB4534293 (OS Build 17134.1246)
2020-01-14 08:00:00
January 14, 2020—KB4534303 (Monthly Rollup)
2020-01-14 08:00:00
nessus
nessus
KB4534293: Windows 10 Version 1803 January 2020 Security Update
2020-01-14 00:00:00
KB4534276: Windows 10 Version 1709 January 2020 Security Update
2020-01-14 00:00:00
KB4534306: Windows 10 January 2020 Security Update
2020-01-14 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4534276)
2020-01-15 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4534293)
2020-01-15 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4534306)
2020-01-15 00:00:00
kaspersky
kaspersky
KLA11703 Multiple vulnerabilities in Microsoft Products (ESU)
2020-01-14 00:00:00
KLA11639 Multiple vulnerabilities in Microsoft Windows
2020-01-14 00:00:00
KLA11634 Multiple vulnerabilities in Microsoft Developer Tools
2020-01-14 00:00:00
prion
prion
Privilege escalation
2020-01-14 23:15:00
Privilege escalation
2020-01-14 23:15:00
Privilege escalation
2020-01-14 23:15:00
cve
cve
CVE-2020-0613
2020-01-14 23:15:00
CVE-2020-0633
2020-01-14 23:15:00
CVE-2020-0625
2020-01-14 23:15:00
talosblog
talosblog
Microsoft Patch Tuesday — Jan. 2020: Vulnerability disclosures and Snort coverage
2020-01-17 10:14:27
ics
ics
Critical Vulnerabilities in Microsoft Windows Operating Systems
2020-01-14 12:00:00
thn
thn
Update Windows 10 Immediately to Patch a Flaw Discovered by the NSA
2020-01-14 18:40:00
avleonov
avleonov
Big Microsoft day: EOL for Win7, Win2008 and crypt32.dll
2020-01-14 18:02:20
qualysblog
qualysblog
January 2020 Patch Tuesday – 50 Vulns, 8 Critical, Adobe Vulns
2020-01-14 19:34:09
Microsoft Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601) – How to Detect and Remediate
2020-01-14 22:57:50
attackerkb
attackerkb
CVE-2020-0638
2020-01-14 00:00:00
CVE-2020-0601, aka NSACrypt
2020-01-14 00:00:00
Remote Desktop Client remote code execution vulnerability
2020-01-14 00:00:00
mscve
mscve
Update Notification Manager Elevation of Privilege Vulnerability
2020-01-14 08:00:00
Windows Search Indexer Elevation of Privilege Vulnerability
2020-01-14 08:00:00
Windows Search Indexer Elevation of Privilege Vulnerability
2020-01-14 08:00:00
symantec
symantec
Microsoft Windows Search Indexer CVE-2020-0632 Local Privilege Escalation Vulnerability
2020-01-14 00:00:00
Microsoft Windows Graphics Component CVE-2020-0622 Information Disclosure Vulnerability
2020-01-14 00:00:00
Microsoft Windows Search Indexer CVE-2020-0631 Local Privilege Escalation Vulnerability
2020-01-14 00:00:00
cisa_kev
cisa_kev
Microsoft Update Notification Manager Privilege Escalation Vulnerability
2022-05-23 00:00:00
Microsoft Windows CryptoAPI Spoofing Vulnerability
2021-11-03 00:00:00
zdi
zdi
Microsoft Windows WIA Junction Privilege Escalation Vulnerability
2020-01-17 00:00:00
Microsoft Windows CLFS Use-After-Free Privilege Escalation Vulnerability
2020-01-15 00:00:00
Microsoft Windows CLFS Driver Out-Of-Bounds Read Information Disclosure Vulnerability
2020-01-15 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows Common Log File System Driver Elevation of Privilege (CVE-2020-0634)
2020-01-14 00:00:00
Microsoft Windows CryptoAPI Spoofing (CVE-2020-0601)
2020-01-16 00:00:00
githubexploit
githubexploit
Exploit for Improper Certificate Validation in Microsoft
2020-03-03 08:49:47
Exploit for Improper Certificate Validation in Microsoft
2020-01-15 00:01:29
Exploit for Improper Certificate Validation in Microsoft
2021-01-17 11:53:28
alpinelinux
alpinelinux
CVE-2020-0601
2020-01-14 23:15:00
msrc
msrc
January 2020 Security Updates: CVE-2020-0601
2020-01-14 08:00:00
January 2020 Security Updates: CVE-2020-0601
2020-01-14 18:01:05
January 2020 Security Updates: CVE-2020-0601
2020-01-14 08:00:00
trellix
trellix
CurveBall – An Unimaginative Pun but a Devastating Bug
2020-06-17 00:00:00
CurveBall – An Unimaginative Pun but a Devastating Bug
2020-06-17 00:00:00
osv
osv
CVE-2020-0601
2020-01-14 23:15:30
BIT-golang-2020-0601
2024-03-06 11:08:38
Certificate validation bypass on Windows in crypto/x509
2022-08-01 22:21:17
zdt
zdt
Microsoft Windows - CryptoAPI (Crypt32.dll) Elliptic Curve Cryptography (ECC) Spoof Code-Signing
2020-01-16 00:00:00
krebs
krebs
Cryptic Rumblings Ahead of First 2020 Patch Tuesday
2020-01-13 22:17:47
Patch Tuesday, January 2020 Edition
2020-01-15 02:31:50
filippoio
filippoio
Replace PGP With an HTTPS Form
2020-07-18 22:00:00
checkpoint_security
checkpoint_security
Check Point Response to CVE-2020-0601 (CryptoAPI Spoofing Vulnerability)
2020-01-16 01:01:59
veracode
veracode
Certificate Spoofing
2020-01-30 04:08:05
redhatcve
redhatcve
CVE-2020-0606
2020-01-14 20:09:01
trendmicroblog
trendmicroblog
Don’t Let the Vulnera-Bullies Win. Use our free tool to see if you are patched against Vulnerability CVE-2020-0601
2020-01-17 17:40:24
This Week in Security News: February 2020 Patch Tuesday Update and Misconfigured AWS S3 Bucket Leaks 36,000 Inmate Records
2020-02-14 13:57:34
carbonblack
carbonblack
Using Live Query to Audit Your Environment for the Windows CryptoAPI Spoofing Vulnerability
2020-01-17 16:00:29
cloudfoundry
cloudfoundry
CVE-2020-0601: Windows CryptoAPI Spoofing Vulnerability | Cloud Foundry
2020-01-22 00:00:00
schneier
schneier
Critical Windows Vulnerability Discovered by NSA
2020-01-15 12:38:37
cert
cert
Microsoft Windows CryptoAPI fails to properly validate ECC certificate chains
2020-01-14 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.975 High

EPSS

Percentile

100.0%

JSON
Related for KB4534276
mskb28nessus12openvas14kaspersky4prion26cve25talosblog1ics1thn1avleonov1qualysblog2attackerkb3mscve24symantec23cisa_kev2zdi4checkpoint_advisories2githubexploit4alpinelinux1msrc3trellix2osv3zdt1krebs2filippoio1checkpoint_security1veracode1redhatcve1trendmicroblog2carbonblack1cloudfoundry1schneier1cert1