Jan 2020:
CVE-2020-0601 Published on January 14, 2020
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.
Known Exploited Vulnerability
This Microsoft Windows 10 API/ECC Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.
The following remediation steps are recommended / required by January 29, 2020: Apply updates per vendor instructions.
Vulnerability Analysis
CVE-2020-0601 can be exploited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. This vulnerability is known to be actively exploited by threat actors. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.
Weakness Type
Improper Certificate Validation
The software does not validate, or incorrectly validates, a certificate. When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host.
Products Associated with CVE-2020-0601
Want to know whenever a new CVE is published for Microsoft products? stack.watch will email you.
Affected Versions
Microsoft Windows:- Version 10 Version 1803 for 32-bit Systems is affected.
- Version 10 Version 1803 for x64-based Systems is affected.
- Version 10 Version 1803 for ARM64-based Systems is affected.
- Version 10 Version 1809 for 32-bit Systems is affected.
- Version 10 Version 1809 for x64-based Systems is affected.
- Version 10 Version 1809 for ARM64-based Systems is affected.
- Version 10 Version 1709 for 32-bit Systems is affected.
- Version 10 Version 1709 for x64-based Systems is affected.
- Version 10 Version 1709 for ARM64-based Systems is affected.
- Version 10 for 32-bit Systems is affected.
- Version 10 for x64-based Systems is affected.
- Version 10 Version 1607 for 32-bit Systems is affected.
- Version 10 Version 1607 for x64-based Systems is affected.
- Version version 1803 (Core Installation) is affected.
- Version 2019 is affected.
- Version 2019 (Core installation) is affected.
- Version 2016 is affected.
- Version 2016 (Core installation) is affected.
- Version unspecified is affected.
- Version unspecified is affected.
- Version unspecified is affected.
- Version unspecified is affected.
- Version unspecified is affected.
- Version unspecified is affected.
- Version unspecified is affected.
- Version unspecified is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.