Windows CryptoAPI Spoofing Vulnerability Discovered: Patch Your Windows 10 OS NOW!

by

CVE-2020-0601 | Windows CryptoAPI Spoofing Vulnerability

Security Vulnerability

Published: 01/14/2020 | Last Updated : 01/16/2020
MITRE CVE-2020-0601

A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.

An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider.

A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software.

The security update addresses the vulnerability by ensuring that Windows CryptoAPI completely validates ECC certificate.

Security Updates Page/Info: Download Link here, Please ensure you download the proper file set specified for your Version of Windows 10 Check 64/32 bit Home,Pro version as well.

Discovered and released information by the NSA National Security Agency Review the Document here. National Security Agency|Cybersecurity Advisory Patch Critical Cryptographic Vulnerability in Microsoft Windows Clients and Servers

The released updates are as follows:

  • Windows 10, version 1903+ Windows 10, version 1909: KB4528760 (OS Builds 18362.592 and 18363.592)
  • Windows 10, version 1809: KB4534273 (OS Build 17763.973). Additionally, the update resolves an issue to support new SameSite cookie policies by default for release 80 of Google Chrome.
  • Windows 10, version 1803: KB4534293 (OS Build 17134.1246)
  • Windows 10, version 1709: KB4534276 (OS Build 16299.1625)
  • Windows 10, version 1703: KB4534296 (OS Build 15063.2254)
  • Windows 10, version 1607: KB4534271 (OS Build 14393.3443). Additionally, the update resolves an issue to support new SameSite cookie policies by default for release 80 of Google Chrome.
  • Windows 10, initial release: KB4534306 (OS Build 10240.18453)

To download these updates, open Settings – > Update &recovery and click on the Check for Updates button on the right.