SANS ISC has an excellent overview of Windows CryptoAPI vulnerability CVE-2020-0601, this is a serious issue to fix for Windows 10 users (and esp. browsers IE, Edge, and Chrome)

This diary is about the vulnerability in Windows CryptoAPI, CVE-2020-0601, that everyone has been talking about; we decided to sum up known and tested information so far. The vulnerability exists in the Windows CryptoAPI component (Crypt32.dll), specifically in the part that is used to validate Elliptic Curve Cryptography (ECC) certificates. Due to a serious bug in code, ECC certificates are not properly verified – there have been several posts about why this fails (i.e. the one here), but the bottom line is that it is trivial to use an existing Certificate Authority (that must be using ECC) to create a spoofed certificate.  This by default works only in Internet Explorer and Edge on Windows. Mozilla Firefox does not use Crypt32.dll to verify certificates. Finally, the vulnerability exists only on Windows 10.