Windows CryptoAPI Spoofing Vulnerability CVE-2020-0601

NSA has discovered a critical vulnerability affecting Microsoft Windows cryptographic functionality. A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. The vulnerability affects Windows 10 and Windows Server 2016/2019 as well as applications that rely on Windows for trust functionality.

Microsoft released a patch today for Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601) and urges that everyone update their systems as quickly as possible.

A successful exploit could allow the attacker to:

(1) Sign a malicious executable, making it appear the file was from a trusted, legitimate source; the user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider.


(2) Conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software.

SonicWall Capture Labs Threat Research team provides protection against this vulnerability with the following signatures:

  • IPS 14728: Windows CryptoAPI Spoofing Vulnerability (JAN 20) 1
  • IPS 14729: Windows CryptoAPI Spoofing Vulnerability (JAN 20) 2
  • IPS 14730: Windows CryptoAPI Spoofing Vulnerability (JAN 20) 3
  • IPS 14731: Windows CryptoAPI Spoofing Vulnerability (JAN 20) 4

** Optrics Inc. is a Registered SonicWall partner

The original article can be found here:

About the Author: Shannon Lewis
