Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601): What You Need to Know

What is the CryptoAPI Spoofing Vulnerability? Who is impacted?


A flaw (CVE-2020-0601) has recently been found in the way the Microsoft Windows CryptoAPI performs certificate validation, allowing attackers to spoof X.509 certificates. This is core cryptographic functionality used by a number of different software components, so the impact is far-reaching, extending from programming language runtimes to web browsers.


Affected products include:


Windows 10 (all build numbers)
Windows Server 2016
Windows Server 2019

Older versions of Windows are not affected.




Analysis of CVE-2020-0601


The mitigation steps taken by Microsoft and others (e.g., Google Chrome) to detect and alert users to exploitation attempts are a welcome development for defenders and users. Windows Update services were not affected by this due to extended hardening in years past, showing that defense-in-depth is important for maintaining critical infrastructure.


As of Jan. 15, 2020, this vulnerability is not known to be exploited in the wild. However, proof-of-concept implementations are starting to emerge detailing how to create bogus certificates. Due to the nature of the vulnerability, exploit implementations have a low bar for usage, and Rapid7 researchers were able to easily replicate one of the proof-of-concept implementations. As this trend continues, unpatched systems will become attractive targets for attackers looking to attempt man-in-the-middle attacks. Users of affected systems will also be more susceptible to social engineering attacks, as malicious software packages can be code-signed in order to look legitimate.


This vulnerability also highlights a specification flaw that software projects should ..