MS Windows CryptoAPI Spoofing Vulnerability

On January 14, 2020, Microsoft disclosed a vulnerability in the Windows cryptographic library (Crypt32.dll) in new versions of Windows, as part of the first Patch Tuesday of 2020. The vulnerability was reported by the NSA (National Security Agency).

Attackers can use this vulnerability, tracked as CVE-2020-0601, to make malicious software that is digitally signed by an untrusted source run as a trusted application. In doing so, attackers bypass this trust check by spoofing the validation performed by the Crypt32.dll library.

If the vulnerability is exploited successfully, MITM (Man in the Middle) attacks can be carried out against the targeted application, and encrypted data can be decrypted and read.

SOLUTION/RECOMMENDATION

The security updates published by Microsoft must be applied urgently on all relevant servers before any security incident occurs. All systems should be scanned for this vulnerability using vulnerability detection systems, and the servers found to be affected should be remediated as soon as possible. In addition, where possible, it is useful to enable signatures related to this vulnerability on security devices.

Before rolling the update out to all systems, it is recommended that it be tested to avoid any service interruptions.

Operating Systems

  • Windows Operating System

Versions

  • Windows 10, Windows Server 2016, Windows Server 2019

CVE / CWE

CVE-2020-0601

Additional Information

  1. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601
  2. https://nvd.nist.gov/vuln/detail/CVE-2020-0601
  3. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0601