CVE-2020-0601
Description
Microsoft Windows CryptoAPI (Crypt32.dll) contains a spoofing vulnerability in the way it validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software. The vulnerability is also known under the moniker of CurveBall.
CISA KEV
- Vendor
- Microsoft
- Product
- Windows
- Due date
- 2022-05-03
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
Microsoft Windows - CryptoAPI (Crypt32.dll) Elliptic Curve Cryptography (ECC) Spoof Code-Signing Certificate
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Go | stdlib | >=1.13.0-0,<1.13.7 | 1.12.16 |
References
- https://go.dev/cl/215905
- https://go.googlesource.com/go/+/953bc8f391a63adf00bac2515dba62abe8a1e2c2
- https://go.dev/issue/36834
- https://groups.google.com/g/golang-announce/c/Hsw4mHYc470/m/WJeW5wguEgAJ
- Reference CISA's ED 20-02 (https://www.cisa.gov/news-events/directives/ed-20-02-mitigate-windows-vulnerabilities-january-2020-patch-tuesday) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 20-02. https://nvd.nist.gov/vuln/detail/CVE-2020-0601
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.