CVE-2020-0601, What is it and are you vulnerable?

It is a man-in-the-middle/spoofing vulnerability exists in Windows 10, Windows Server 2016/2019 as per CVE: https://nvd.nist.gov/vuln/detail/CVE-2020-0601

When an authenticated attacker is on the target system, they can use a spoofed code-signing certificate to sign malicious executables making the file appear as if it’s from a trusted source.

This vulnerability is post-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could conduct man-in-the-middle attacks and decrypt encrypted traffic such as traffic sent over the encrypted protocol of HTTPS. To exploit this vulnerability, an attacker would need to be authenticated to the device.

In a nutshell:

  • A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.
  • Due to CVE-2020-0601, it is possible to create a fake digital signature that appears to come from a trusted certificate authority.
  • A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software.

What should you do?

Check your patching and run your Windows updates, as per for Windows 10 or Windows Server 2016/2019:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601

References:

  • https://www.itsecurityguru.org/2020/01/17/cve-2020-0601-are-you-vulnerable
  • https://gbhackers.com/poc-exploit-cve-2020-0601/

Hits: 5

Leave a Reply