Researchers at IBM have discovered an active attack campaign using a variation of the Dyre Trojan that has already stolen millions from organizations.
The company has warned that the bogus Internet certs could be used in man-in-the-middle attacks.
Also, the company announced a new security tool that will use Windows 10 device authentication over user passwords.
Also included is a fix for the widespread FREAK bug.
Both Apple and Linux finished the year with more security flaws than Microsoft's OSes.
Windows Defender will now block and prompt users how to easily remove the adware found preinstalled on some Lenovo systems.
The malware used is impossible to remove from infected devices, according to Kaspersky Lab.
The security issues have led the European Parliament to completely block access from the app.
This Month's security update also includes two additional "critical" remote code execution fixes for Windows.
The company said that information including, names, birthdays, addresses and Social Security numbers were taken.
Keeping up its poor showing in AV-Test's assessments, the free offering from Microsoft scored a zero when it came to protection.
The flaws reside in Windows 7 and Windows 8.1.
Today's release also includes a bulletin that addresses the Windows 8.1 zero-day flaw that was discovered by Google.
Microsoft said that Google released information on a Windows 8.1 flaw even though a fix was on its way.
The company cited that the general lack of interest by organizations led to the change.