When the NSA warns you that you should update your Windows, you should heed the warning. However, a critical update to Windows 10 is failing to install for some users.

According to complaints on the Windows Latest blog and on Reddit, the critical Windows 10 security update is causing installation problems for users on machines running the May 2019 (1903) and November 2019 (1909) builds The problem has been.

On the contrary, users say they get error messages. These are some of them:

"The installation could not be completed because the update service shut down."

And...

"There was a problem installing some updates: 2020-01 Cumulative Update for Windows 10 Version 1909 x64-based Systems (KB4528760) - Error 0x800f0988. troubleshooter, sfc, dism does not fix the error."

The good news is that you can manually install the Windows 10 cumulative update if you encounter the update error.

1. go to the Microsoft Update Catalog website.

2. Type "KB4528760" in the search bar.

3. Click "Download" next to the version of the update that corresponds to your PC. (If you do not know your Windows build or system chipset, right click on the Windows icon in the lower left corner of the screen and select "Settings" -> "System" -> "About")

.

Along with about 50 other security issues, the January 2020 cumulative update patches a very serious cryptographic flaw "in the way Windows CryptoAPI (Crypt32.dll) validates elliptic curve cryptography (ECC) certificates," Microsoft wrote in an advisory.

According to previous reports, hackers can make users download and install malware that pretends to be benign, such as software updates. Because the digital signatures are spoofed, Microsoft and even the best antivirus software will not notice. [Microsoft says, "Because the digital signature appears to be from a trusted provider, the user has no way of knowing that the file is malicious.

"Successful exploitation could also allow an attacker to conduct a man-in-the-middle attack and decrypt sensitive information on the user's connection to the affected software.

Since Tuesday, several proof-of-concept exploits have been created that demonstrate what the flaw allows, including one that appears to show Rick Astley's "Never Gonna Give You Up" video streaming on the NSA website including.

In short, depending on how the messaging software uses Microsoft's proprietary encryption tools, hackers could intercept and alter secure Internet communications, including software updates and possibly encrypted messages That means.

Yesterday (January 16), Google patched its Chrome browser against the flaw. Microsoft's Edge and Internet Explorer browsers were patched via a cumulative update on Wednesday.

However, Mozilla's Firefox browser does not rely on Windows CrytoAPI to validate communications and is not vulnerable to this flaw.

Microsoft has had a number of problems with Windows 10 updates over the past year, many of which have caused problems for users. For example, last February, a bug prevented users from installing the latest version of the OS; several Windows users were met with error messages when trying to connect to Windows Update or the Windows Store. Sound familiar?

In September 2019, one Windows update turned everything on the screen orange for users. Yet another update that same month made the Start menu and search bar unresponsive and broke audio when playing games.

In October, one Windows 10 update caused a blue screen of death. Finally, in November, a Windows update broke File Explorer, angering users.

This particular problem may be due to the fact that Windows 10 build 1903 and Windows 10 build 1909 are very similar and one Patch Tuesday cumulative update applies to both. (For other builds, the Patch Tuesday rollup is individually customized.) It may be that WindowsUpdate does not know which build it is dealing with when it starts applying patches.

Let's hope the next update will reduce the problem.