Microsoft has rolled out the Patch Tuesday updates for January 2020. Among the security fixes is one for a spoofing vulnerability affecting the Windows CryptoAPI (Crypt32.dll).
Labeled as CVE-2020-0601, the vulnerability was discovered and reported to Microsoft by the NSA. It lies in the way the CryptoAPI validates Elliptic Curve Cryptography (ECC) certificates.
The flaw allows an attacker to sign a malicious executable file using a spoofed code-signing certificate, so that the file appears to a victim to come from a trusted source.
The list of systems affected by CVE-2020-0601 includes all versions of Windows 10 and Windows Server 2016/2019.
Microsoft warns that the Windows CryptoAPI bug can be used to perform MITM attacks and “decrypt confidential information on user connections to the affected software.”
The NSA has released a separate security advisory in which it calls the vulnerability “severe” and says that “sophisticated actors will understand the underlying flaw very quickly.”
So far, no evidence of the vulnerability being actively exploited in the wild has been found. Microsoft has nonetheless released a patch as part of the latest Windows Update, and users are advised to install it right away.
Overall, the January Patch Tuesday update fixes around 50 bugs that affect different components of Windows.
via Hacker News