An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider.

A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software.

The security update addresses the vulnerability by ensuring that Windows CryptoAPI completely validates ECC certificates.

attackerkb 1

githubexploit 5

cve 1

alpinelinux 1

checkpoint_security 1

msrc 3

veracode 1

checkpoint_advisories 1

trendmicroblog 3

krebs 2

carbonblack 1

cloudfoundry 1

osv 3

trellix 2

symantec 1

qualysblog 6

zdt 1

filippoio 1

prion 1

schneier 1

cert 1

cisa_kev 1

talosblog 2

threatpost 4

openvas 9

kaspersky 3

ics 2

thn 1

avleonov 1

chrome 1

nessus 9

rapid7blog 1

securelist 1

mskb 6

mscve 1

attackerkb

CVE-2020-0601, aka NSACrypt

2020-01-14 00:00:00

githubexploit

Exploit for Improper Certificate Validation in Microsoft

2020-03-03 08:49:47

Exploit for Improper Certificate Validation in Microsoft

2020-01-15 00:01:29

Exploit for Improper Certificate Validation in Microsoft

2021-01-17 11:53:28

cve

CVE-2020-0601

2020-01-14 23:15:00

alpinelinux

CVE-2020-0601

2020-01-14 23:15:00

checkpoint_security

Check Point Response to CVE-2020-0601 (CryptoAPI Spoofing Vulnerability)

2020-01-16 01:01:59

msrc

January 2020 Security Updates: CVE-2020-0601

2020-01-14 18:01:05

January 2020 Security Updates: CVE-2020-0601

2020-01-14 08:00:00

January 2020 Security Updates: CVE-2020-0601

2020-01-14 08:00:00

veracode

Certificate Spoofing

2020-01-30 04:08:05

checkpoint_advisories

Microsoft Windows CryptoAPI Spoofing (CVE-2020-0601)

2020-01-16 00:00:00

trendmicroblog

Don’t Let the Vulnera-Bullies Win. Use our free tool to see if you are patched against Vulnerability CVE-2020-0601

2020-01-17 17:40:24

This Week in Security News: February 2020 Patch Tuesday Update and Misconfigured AWS S3 Bucket Leaks 36,000 Inmate Records

2020-02-14 13:57:34

This Week in Security News: Trend Micro Creates Factory Honeypot to Trap Malicious Attackers and Microsoft Leaves 250M Customer Service Records Open to the Web

2020-01-24 13:18:05

krebs

Patch Tuesday, January 2020 Edition

2020-01-15 02:31:50

Cryptic Rumblings Ahead of First 2020 Patch Tuesday

2020-01-13 22:17:47

carbonblack

Using Live Query to Audit Your Environment for the Windows CryptoAPI Spoofing Vulnerability

2020-01-17 16:00:29

cloudfoundry

CVE-2020-0601: Windows CryptoAPI Spoofing Vulnerability | Cloud Foundry

2020-01-22 00:00:00

osv

Certificate validation bypass on Windows in crypto/x509

2022-08-01 22:21:17

BIT-golang-2020-0601

2024-03-06 11:08:38

CVE-2020-0601

2020-01-14 23:15:30

trellix

CurveBall – An Unimaginative Pun but a Devastating Bug

2020-06-17 00:00:00

CurveBall – An Unimaginative Pun but a Devastating Bug

2020-06-17 00:00:00

symantec

Microsoft Windows CryptoAPI CVE-2020-0601 Spoofing Vulnerability

2020-01-14 00:00:00

qualysblog

Microsoft Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601) – How to Detect and Remediate

2020-01-14 22:57:50

January 2020 Patch Tuesday – 50 Vulns, 8 Critical, Adobe Vulns

2020-01-14 19:34:09

Part 2: An In-Depth Look at the Latest Vulnerability Threat Landscape (Attackers’ Edition)

2023-07-18 13:38:53

zdt

Microsoft Windows - CryptoAPI (Crypt32.dll) Elliptic Curve Cryptography (ECC) Spoof Code-Signing

2020-01-16 00:00:00

filippoio

Replace PGP With an HTTPS Form

2020-07-18 22:00:00

prion

Spoofing

2020-01-14 23:15:00

schneier

Critical Windows Vulnerability Discovered by NSA

2020-01-15 12:38:37

cert

Microsoft Windows CryptoAPI fails to properly validate ECC certificate chains

2020-01-14 00:00:00

cisa_kev

Microsoft Windows CryptoAPI Spoofing Vulnerability

2021-11-03 00:00:00

talosblog

Threat Source newsletter (Jan. 16, 2019)

2020-01-23 07:27:43

Microsoft Patch Tuesday — Jan. 2020: Vulnerability disclosures and Snort coverage

2020-01-17 10:14:27

threatpost

PoC Exploits Published For Microsoft Crypto Bug

2020-01-16 16:05:57

Microsoft Patches ‘Major’ Crypto Spoofing Bug

2020-01-14 20:32:30

Oracle Ties Previous All-Time Patch High with January Updates

2020-01-14 23:43:10

openvas

Google Chrome Security Updates(stable-channel-update-for-desktop_16-2020-01)-MAC OS X

2020-01-17 00:00:00

Google Chrome Security Updates(stable-channel-update-for-desktop_16-2020-01)-Linux

2020-01-17 00:00:00

Google Chrome Security Updates(stable-channel-update-for-desktop_16-2020-01)-Windows

2020-01-17 00:00:00

kaspersky

KLA11647 Multiple vulnerabilities in Google Chrome

2020-01-16 00:00:00

KLA11720 Multiple vulnerabilities in Opera

2020-01-22 00:00:00

KLA11639 Multiple vulnerabilities in Microsoft Windows

2020-01-14 00:00:00

ics

Critical Vulnerabilities in Microsoft Windows Operating Systems

2020-01-14 12:00:00

Potential for China Cyber Response to Heightened U.S.–China Tensions

2020-10-20 12:00:00

thn

Update Windows 10 Immediately to Patch a Flaw Discovered by the NSA

2020-01-14 18:40:00

avleonov

Big Microsoft day: EOL for Win7, Win2008 and crypt32.dll

2020-01-14 18:02:20

chrome

Stable Channel Update for Desktop

2020-01-16 00:00:00

nessus

Microsoft Edge (Chromium) < 79.0.309.68 Multiple Vulnerabilities

2020-07-07 00:00:00

EulerOS 2.0 SP9 : golang (EulerOS-SA-2022-2766)

2022-11-14 00:00:00

EulerOS 2.0 SP9 : golang (EulerOS-SA-2022-2731)

2022-11-14 00:00:00

rapid7blog

Trick or Treat! What We Can Learn from the Spookiest Vulnerabilities of the Year

2020-10-29 13:59:06

securelist

IT threat evolution Q1 2020. Statistics

2020-05-20 10:00:43

mskb

January 14, 2020—KB4534306 (OS Build 10240.18453)

2020-01-14 08:00:00

January 14, 2020—KB4528760 (OS Builds 18362.592 and 18363.592) - EXPIRED

2020-01-14 08:00:00

January 14, 2020—KB4534276 (OS Build 16299.1625)

2020-01-14 08:00:00

mscve

Chromium Security Updates for Microsoft Edge (Chromium-Based)

2020-01-28 08:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.97 High

EPSS

Percentile

99.7%

JSON

Related for MS:CVE-2020-0601