CVE-2020-0601: Microsoft Windows CryptoAPI Spoofing Vulnerability
First published: Tue Jan 14 2020(Updated: )
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.
Credit: secure@microsoft.com secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Windows 10 | ||
| Microsoft Windows 10 | =1607 | |
| Microsoft Windows 10 | =1709 | |
| Microsoft Windows 10 | =1803 | |
| Microsoft Windows 10 | =1809 | |
| Microsoft Windows 10 | =1903 | |
| Microsoft Windows 10 | =1909 | |
| Microsoft Windows Server 2016 | ||
| Microsoft Windows Server 2016 | =1803 | |
| Microsoft Windows Server 2016 | =1903 | |
| Microsoft Windows Server 2016 | =1909 | |
| Microsoft Windows Server 2019 | ||
| Golang Go | >=1.12<1.12.16 | |
| Golang Go | >=1.13<1.13.7 | |
| Microsoft Windows | ||
| Microsoft Windows | ||
| All of | ||
| Any of | ||
| Golang Go | >=1.12<1.12.16 | |
| Golang Go | >=1.13<1.13.7 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/155960/CurveBall-Microsoft-Windows-CryptoAPI-Spoofing-Proof-Of-Concept.html
- http://packetstormsecurity.com/files/155961/CurveBall-Microsoft-Windows-CryptoAPI-Spoofing-Proof-Of-Concept.html
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601
- https://www.cisa.gov/news-events/directives/ed-20-02-mitigate-windows-vulnerabilities-january-2020-patch-tuesday)
- https://nvd.nist.gov/vuln/detail/CVE-2020-0601
Frequently Asked Questions
What is CVE-2020-0601?
CVE-2020-0601 is a vulnerability in Microsoft Windows CryptoAPI (Crypt32.dll) that allows for spoofing of Elliptic Curve Cryptography certificates.
How does the CVE-2020-0601 vulnerability work?
An attacker can use a spoofed code-signing certificate to sign a malicious executable, making it appear legitimate by bypassing Windows validation checks.
Who is affected by CVE-2020-0601?
Anyone using Microsoft Windows is potentially affected by CVE-2020-0601.
What is the severity of CVE-2020-0601?
The severity rating of CVE-2020-0601 is high.
How can I mitigate the CVE-2020-0601 vulnerability?
Follow the instructions provided by Microsoft in their security advisory and apply the necessary security updates.
- agent/type
- agent/softwarecombine
- agent/description
- agent/title
- agent/severity
- agent/weakness
- agent/remedy
- agent/author
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/references
- agent/tags
- collector/nvd-cve
- source/NVD
- vendor/microsoft
- canonical/microsoft windows 10
- version/microsoft windows 10/1607
- version/microsoft windows 10/1709
- version/microsoft windows 10/1803
- version/microsoft windows 10/1809
- version/microsoft windows 10/1903
- version/microsoft windows 10/1909
- canonical/microsoft windows server 2016
- version/microsoft windows server 2016/1803
- version/microsoft windows server 2016/1903
- version/microsoft windows server 2016/1909
- canonical/microsoft windows server 2019
- vendor/golang
- canonical/golang go
- version/golang go/1.12
- version/golang go/1.13
- canonical/microsoft windows