Back on December 10, over a month ago, Microsoft released Windows 10 build 19041.1 (version 2004) to Windows Insiders in the Fast and Slow rings. Today, Microsoft updated that build to 19041.21 and released it to the Slow ring. (Fast ring testers have since moved on to testing new features that will appear in subsequent Windows 10 versions.)
“[Windows 10 version 2004] build 19041.21 (KB4535550) [is a] Cumulative Update [that] includes quality improvements,” a new post aimed at Windows Insiders explains. “Key changes include security updates to Windows App Platform and Frameworks, Windows Input and Composition, Windows Graphics, Microsoft Scripting Engine, .NET Framework, Windows Cryptography, Windows Subsystem for Linux, Windows Peripherals, Windows Storage and Filesystems, and Windows Server.”
OK, so that doesn’t really explain why. But a Microsoft Security Update Guide post about a related update for the shipping versions of Windows 10 provides more details.
“A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates,” Microsoft explains in one advisory. “An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider. A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software.”
Since Windows 10 version 2004 won’t ship to users for another few months, this type of post-RTM fix might become common. Since Microsoft always shipped such updates when releases were on quicker schedules, it stands to reason that we might see more of them now.