The US-Cert has issued a notice about critical Windows vulnerabilities that need to be patched immediately.
Microsoft released a patch Tuesday, January 14, to be installed on all Windows 10, Windows Server 2016, and 2019 operating systems. The patch fixes a CryptoAPI spoofing vulnerability.
Additionally, there are Windows Remote Desktop vulnerabilities that must be patched. The first vulnerability affects Windows Servers 2012 and newer, while the second affects Windows 7 and newer. The patches remediate issues in the Windows RDP client and RDP Gateway Server.
For more information, see AA20-014A: Critical Vulnerabilities in Microsoft Windows Operating Systems.