CVE-2020-0601
Integrity360 is actively monitoring a new threat known as CVE-2020-0601, the Windows CryptoAPI Spoofing Vulnerability.
The threat
Microsoft released a security update for a vulnerability that exists in the way Windows CryptoAPI validates ECC certificates. If this vulnerability is exploited, an untrusted file would appear to come from a legitimate source, as the signature would appear to be from a trusted provider.
Known affected versions
Recommendations
While the impact of this vulnerability is still developing, we advise our clients that the best action to take to mitigate this vulnerability is to patch affected systems. This update addresses the vulnerability by ensuring that Windows CryptoAPI completely validates ECC certificates.
More information
For more information on this vulnerability please check the related content links listed below.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601
https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF
Should you require assistance with applying the fix or upgrading, please contact your account manager or email info@integrity360.com. As always, Integrity360 Managed Security Service customers will already be covered through our proactive security approach.