Security bulletin | Windows CryptoAPI spoofing vulnerability (CVE-2020-0601)

更新时间:
复制 MD 格式

On January 14, Microsoft released a security patch for CVE-2020-0601, addressing a validation bypass vulnerability in the Windows CryptoAPI. An attacker can exploit this vulnerability to spoof a signature, making malicious software such as ransomware or spyware appear as a trusted file. Alibaba Cloud has updated its Windows update sources. Immediately update the operating system of your ECS instances to the latest patch level.

Vulnerability information

  • CVE ID: CVE-2020-0601
  • Severity: critical
  • Patch Release Date: January 14, 2020
  • Affected Versions:
    • Windows 10
    • Windows Server 2016
    • Windows Server 2019
    • Windows Server Version 1809
    • Windows Server Version 1903
    • Windows Server Version 1909

Details

The CVE-2020-0601 vulnerability lies in how the Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography certificates. This vulnerability seriously affects the following scenarios and trusted entities:

  • HTTPS connections
  • Signed files and emails
  • Signed executables launched in user mode

An attacker can exploit this vulnerability to spoof certificate signatures on malicious files, or launch a man-in-the-middle attack to decrypt user connections and intercept confidential information from affected software.

Security recommendation

Apply the official patch immediately.

Resolution

Use one of the following methods to apply the patch.

  • Method 1: Update from Windows Update and confirm the latest security or cumulative updates from January 2020 are installed.
  • Method 2: Visit the official Microsoft website to download the corresponding patch.

Announced by

Alibaba Cloud Computing Co., Ltd.