NSA has discovered a critical vulnerability affecting Microsoft Windows cryptographic functionality. A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. The vulnerability affects Windows 10 and Windows Server 2016/2019 as well as applications that rely on Windows for trust functionality.
Microsoft released a patch today for Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601) and urges that everyone update their systems as quickly as possible.
A successful exploit could allow the attacker to:
(1) Sign a malicious executable, making it appear the file was from a trusted, legitimate source; the user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider.
Or
(2) Conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software.
SonicWall Capture Labs Threat Research team provides protection against this vulnerability with the following signatures:
- IPS 14728: Windows CryptoAPI Spoofing Vulnerability (JAN 20) 1
- IPS 14729: Windows CryptoAPI Spoofing Vulnerability (JAN 20) 2
- IPS 14730: Windows CryptoAPI Spoofing Vulnerability (JAN 20) 3
- IPS 14731: Windows CryptoAPI Spoofing Vulnerability (JAN 20) 4
** Optrics Inc. is a Registered SonicWall partner
The original article can be found here:
https://securitynews.sonicwall.com/xmlpost/windows-cryptoapi-spoofing-vulnerability-cve-2020-0601/