Microsoft Windows CryptoAPI fails to properly validate ECC certificate chains

🗓️ 14 Jan 2020 00:00:00Reported by CERTType

Microsoft Windows CryptoAPI fails to properly validate ECC certificate chains, allowing spoofing of certificate validit

Reporter	Title	Published	Views	Family All 106
GithubExploit	Exploit for Improper Certificate Validation in Microsoft	19 Jan 202018:20	–	githubexploit
GithubExploit	Exploit for Improper Certificate Validation in Microsoft	15 Jan 202023:07	–	githubexploit
GithubExploit	Exploit for Improper Certificate Validation in Microsoft	16 Jan 202002:46	–	githubexploit
GithubExploit	Exploit for Improper Certificate Validation in Microsoft	3 Feb 202013:58	–	githubexploit
GithubExploit	Exploit for Improper Certificate Validation in Microsoft	15 Jan 202000:01	–	githubexploit
GithubExploit	exploits	25 May 202601:12	–	githubexploit
GithubExploit	Exploit for Improper Certificate Validation in Microsoft	15 Jan 202023:07	–	githubexploit
GithubExploit	Exploit for Improper Certificate Validation in Microsoft	14 Jan 202023:53	–	githubexploit
GithubExploit	Exploit for Improper Certificate Validation in Microsoft	17 Jan 202111:53	–	githubexploit
0day.today	Microsoft Windows - CryptoAPI (Crypt32.dll) Elliptic Curve Cryptography (ECC) Spoof Code-Signing	16 Jan 202000:00	–	zdt

Source	Link
nsa	www.nsa.gov/News-Features/News-Stories/Article-View/Article/2056772/a-very-important-patch-tuesday/
media	www.media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF
portal	www.portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601
docs	www.docs.microsoft.com/en-us/windows/win32/seccrypto/cryptoapi-system-architecture
docs	www.docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certgetcertificatechain
docs	www.docs.microsoft.com/en-us/windows/win32/seccrypto/certificate-chains
docs	www.docs.microsoft.com/en-us/windows-hardware/drivers/install/authenticode

15 Jan 2020 00:03Current

8.1High risk

Vulners AI Score8.1

CVSS 25.8

CVSS 3.18.1

EPSS0.94093

SSVC