Help Center> Host Security Service (New)> Best Practices> Detecting and Fixing Vulnerabilities> Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601)
Updated on 2024-05-14 GMT+08:00
View PDF

Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601)

On January 15, 2020, Microsoft released a patch update list, which contains the high-risk vulnerability CVE-2020-0601 that is discovered by National Security Agency (NSA) and affects Microsoft Windows encryption. This vulnerability affects the CryptoAPI Elliptic Curve Cryptography (ECC) certificate validation mechanism. As a result, attackers can interrupt the Windows authentication and encryption trust process and remotely execute code.

Vulnerability ID

CVE-2020-0601

Vulnerability Name

Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601)

Vulnerability Details

A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates ECC certificates.

An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable file. The file appears to be from trusted and legitimate sources, and the user cannot know it is malicious. For example, an attacker could exploit this vulnerability to give seemingly trusted signature certificates to malware, such as ransomware, and bypass the Windows trust detection mechanism and mislead users to install the malware.

A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software. Instances that affect Windows trust relationships include common HTTPS connections, file signatures, and email signatures.

Affected Versions

  • Windows 10
  • Windows Server 2016 and Windows Server 2019
  • Applications that depend on Windows CryptoAPI

Official Solution

It is recommended that affected users install the latest vulnerability patch as soon as possible.

For details, see https://msrc.microsoft.com/update-guide/en-us/vulnerability/CVE-2020-0601.

Suggestion

Perform the following steps to scan and fix a vulnerability.

Ensure you have installed the HSS agent on the server to be fixed, and has enabled protection.

  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click , and choose Security and Compliance > HSS. The HSS page is displayed.
  3. In the navigation pane, choose Servers & Quota. In the server list, click the name of a Windows server to view its details.
  4. On the details page, choose Vulnerabilities > Windows Vulnerabilities and click Scan.

    Figure 1 Manually starting a vulnerability scan

  5. Fix detected vulnerabilities according to the suggestion in the Solution column.
  6. Restart the fixed servers.
  7. Click Manual Detection again to check whether the vulnerabilities have been fixed.

    You can also choose Vulnerabilities and click Windows Vulnerabilities, search for a vulnerability by its name, and then check and fix the vulnerability.
    • Windows Server 2019: KB4534273
    • Windows Server 2016: KB4534271